{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","type":"deb","namespace":"debian","name":"thunderbird","version":"1:140.8.0esr-1~deb13u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:140.10.2esr-1","latest_non_vulnerable_version":"1:140.10.2esr-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62703?format=json","vulnerability_id":"VCID-13he-qsr4-h3d4","summary":"Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07357","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07392","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07156","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07342","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07363","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07282","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726","reference_id":"2450726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329","reference_id":"show_bug.cgi?id=2016329","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342","reference_id":"show_bug.cgi?id=2016342","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4709"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13he-qsr4-h3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62776?format=json","vulnerability_id":"VCID-15j8-br8z-juf3","summary":"Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3889","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07517","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07437","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07427","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07515","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07528","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07542","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07541","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07518","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0746","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08492","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08286","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08255","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08225","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08361","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0843","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08408","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08436","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3889"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451006","reference_id":"2451006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451006"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020723","reference_id":"show_bug.cgi?id=2020723","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-3889"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15j8-br8z-juf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62709?format=json","vulnerability_id":"VCID-1fv1-edht-ufag","summary":"Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723","reference_id":"2450723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405","reference_id":"show_bug.cgi?id=2018405","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4715"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fv1-edht-ufag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354952?format=json","vulnerability_id":"VCID-1y9d-wx59-fyh2","summary":"Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7323.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7323","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10831","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17941","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18043","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18038","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7323"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463481","reference_id":"2463481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463481"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602","reference_id":"buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-35/","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-38/","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-7323"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1y9d-wx59-fyh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62708?format=json","vulnerability_id":"VCID-23eu-22t2-cydd","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06205","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725","reference_id":"2450725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126","reference_id":"show_bug.cgi?id=2018126","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4714"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23eu-22t2-cydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62686?format=json","vulnerability_id":"VCID-26d3-ctnj-7kbh","summary":"Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10204","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10131","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10264","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11214","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11121","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11257","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11186","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11313","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11247","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11187","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738","reference_id":"2450738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512","reference_id":"show_bug.cgi?id=2017512","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4691"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26d3-ctnj-7kbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62710?format=json","vulnerability_id":"VCID-289s-f2w6-53g9","summary":"Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720","reference_id":"2450720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592","reference_id":"show_bug.cgi?id=2018592","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4716"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-289s-f2w6-53g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353248?format=json","vulnerability_id":"VCID-2fqb-r5zb-a7dp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6748","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19823","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19704","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1974","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19732","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19657","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460103","reference_id":"2460103","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460103"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604","reference_id":"show_bug.cgi?id=2022604","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6748"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fqb-r5zb-a7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62693?format=json","vulnerability_id":"VCID-351y-4nek-u3aw","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12871","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12851","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13883","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14159","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14256","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14117","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14129","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14041","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719","reference_id":"2450719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906","reference_id":"show_bug.cgi?id=2020906","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4698"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-351y-4nek-u3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357131?format=json","vulnerability_id":"VCID-3a6f-173h-fqbz","summary":"Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8092.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8092","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04202","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05106","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06372","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06183","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8092"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467708","reference_id":"2467708","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467708"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516","reference_id":"buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T03:55:45Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-40","reference_id":"mfsa2026-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-40/","reference_id":"mfsa2026-40","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T03:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-41","reference_id":"mfsa2026-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-41/","reference_id":"mfsa2026-41","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T03:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-42","reference_id":"mfsa2026-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-42/","reference_id":"mfsa2026-42","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T03:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-42/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-43","reference_id":"mfsa2026-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-43/","reference_id":"mfsa2026-43","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T03:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-43/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-44","reference_id":"mfsa2026-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-44/","reference_id":"mfsa2026-44","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T03:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-44/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1112931?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1"}],"aliases":["CVE-2026-8092"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3a6f-173h-fqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62714?format=json","vulnerability_id":"VCID-3grf-hwk1-3fh8","summary":"Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06205","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746","reference_id":"2450746","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367","reference_id":"show_bug.cgi?id=2016367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4719"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3grf-hwk1-3fh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62716?format=json","vulnerability_id":"VCID-3kd3-hwzv-efbn","summary":"Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06352","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06184","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06155","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06198","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06999","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07261","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07015","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07217","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07238","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07149","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07234","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711","reference_id":"2450711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_id":"buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4721"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kd3-hwzv-efbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353261?format=json","vulnerability_id":"VCID-3kv6-c148-nkhq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6765","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09553","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09518","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13243","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13142","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1315","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12916","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13012","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1317","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1307","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107","reference_id":"2460107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419","reference_id":"show_bug.cgi?id=2022419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6765"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kv6-c148-nkhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62699?format=json","vulnerability_id":"VCID-3xgu-7evz-mffw","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05769","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0562","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0563","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06532","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06284","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06416","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06491","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06502","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06514","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722","reference_id":"2450722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873","reference_id":"show_bug.cgi?id=2014873","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4705"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xgu-7evz-mffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357129?format=json","vulnerability_id":"VCID-4e49-6tg2-e7d9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8090.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8090.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8090","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03632","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03626","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05044","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05943","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8090"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467709","reference_id":"2467709","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467709"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-40","reference_id":"mfsa2026-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-40/","reference_id":"mfsa2026-40","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-41","reference_id":"mfsa2026-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-41/","reference_id":"mfsa2026-41","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-42","reference_id":"mfsa2026-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-42/","reference_id":"mfsa2026-42","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-42/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-43","reference_id":"mfsa2026-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-43/","reference_id":"mfsa2026-43","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-43/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-44","reference_id":"mfsa2026-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-44/","reference_id":"mfsa2026-44","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-44/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034352","reference_id":"show_bug.cgi?id=2034352","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:49:35Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034352"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1112931?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1"}],"aliases":["CVE-2026-8090"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e49-6tg2-e7d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62715?format=json","vulnerability_id":"VCID-4q6w-tdk9-d3an","summary":"Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751","reference_id":"2450751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_id":"buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4720"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q6w-tdk9-d3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353265?format=json","vulnerability_id":"VCID-59d3-343b-e3aw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6770","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18038","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18043","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17941","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460079","reference_id":"2460079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220","reference_id":"show_bug.cgi?id=2024220","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6770"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59d3-343b-e3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349997?format=json","vulnerability_id":"VCID-5dw5-vpt8-zqbz","summary":"Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5731","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17244","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19999","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20048","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20167","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21541","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21613","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2152","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21869","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21867","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455901","reference_id":"2455901","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455901"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-26","reference_id":"mfsa2026-26","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-26/","reference_id":"mfsa2026-26","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-26/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068096?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-5731"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dw5-vpt8-zqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353257?format=json","vulnerability_id":"VCID-61r1-arbe-dke4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6761","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13548","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13464","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13434","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1344","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13356","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13201","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460099","reference_id":"2460099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460099"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857","reference_id":"show_bug.cgi?id=2017857","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6761"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61r1-arbe-dke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62682?format=json","vulnerability_id":"VCID-646f-ndeq-5bee","summary":"Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06425","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07427","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07442","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07217","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07372","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07477","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07443","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07233","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757","reference_id":"2450757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368","reference_id":"show_bug.cgi?id=2016368","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4687"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-646f-ndeq-5bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62683?format=json","vulnerability_id":"VCID-675n-7uzz-pqdj","summary":"Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05519","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06095","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06216","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06291","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06307","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06315","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713","reference_id":"2450713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373","reference_id":"show_bug.cgi?id=2016373","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4688"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-675n-7uzz-pqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62777?format=json","vulnerability_id":"VCID-6mur-mtfg-97gt","summary":"A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4371","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17716","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17514","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17505","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17612","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17659","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17579","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1749","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19042","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1892","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18878","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18754","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18838","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18941","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18903","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18939","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451001","reference_id":"2451001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451001"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023493","reference_id":"show_bug.cgi?id=2023493","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023493"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4371"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mur-mtfg-97gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=json","vulnerability_id":"VCID-77y6-jskt-qucb","summary":"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59375","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15123","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15245","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14998","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15202","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15808","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18262","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18121","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18108","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18164","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23052","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libexpat/libexpat/issues/1018","reference_id":"1018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/issues/1018"},{"reference_url":"https://github.com/libexpat/libexpat/pull/1034","reference_id":"1034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/pull/1034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298","reference_id":"1115298","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108","reference_id":"2395108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108"},{"reference_url":"https://issues.oss-fuzz.com/issues/439133977","reference_id":"439133977","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://issues.oss-fuzz.com/issues/439133977"},{"reference_url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes","reference_id":"Changes","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"},{"reference_url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74","reference_id":"Changes#L45-L74","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19403","reference_id":"RHSA-2025:19403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21030","reference_id":"RHSA-2025:21030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21773","reference_id":"RHSA-2025:21773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21776","reference_id":"RHSA-2025:21776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21974","reference_id":"RHSA-2025:21974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22033","reference_id":"RHSA-2025:22033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22034","reference_id":"RHSA-2025:22034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22035","reference_id":"RHSA-2025:22035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22175","reference_id":"RHSA-2025:22175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22607","reference_id":"RHSA-2025:22607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22607"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22618","reference_id":"RHSA-2025:22618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22785","reference_id":"RHSA-2025:22785","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22842","reference_id":"RHSA-2025:22842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22871","reference_id":"RHSA-2025:22871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22935","reference_id":"RHSA-2025:22935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23227","reference_id":"RHSA-2025:23227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23248","reference_id":"RHSA-2025:23248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23550","reference_id":"RHSA-2025:23550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0001","reference_id":"RHSA-2026:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0076","reference_id":"RHSA-2026:0076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0077","reference_id":"RHSA-2026:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0078","reference_id":"RHSA-2026:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0326","reference_id":"RHSA-2026:0326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0332","reference_id":"RHSA-2026:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0420","reference_id":"RHSA-2026:0420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0674","reference_id":"RHSA-2026:0674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0677","reference_id":"RHSA-2026:0677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0702","reference_id":"RHSA-2026:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0996","reference_id":"RHSA-2026:0996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1541","reference_id":"RHSA-2026:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3407","reference_id":"RHSA-2026:3407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5396","reference_id":"RHSA-2026:5396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5396"},{"reference_url":"https://usn.ubuntu.com/8022-1/","reference_id":"USN-8022-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8022-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2025-59375"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353262?format=json","vulnerability_id":"VCID-7jt2-zr49-7ye5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6766","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09926","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09893","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13452","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13719","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13622","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13591","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13601","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13516","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13359","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460097","reference_id":"2460097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460097"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207","reference_id":"show_bug.cgi?id=2023207","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6766"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jt2-zr49-7ye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62690?format=json","vulnerability_id":"VCID-8qyy-e4jt-rbc4","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06077","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06049","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06068","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715","reference_id":"2450715","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030","reference_id":"show_bug.cgi?id=2020030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4695"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qyy-e4jt-rbc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62756?format=json","vulnerability_id":"VCID-8vka-qus2-tbhj","summary":"Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2447","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03829","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03927","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05283","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0519","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05179","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05229","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05284","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05281","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283","reference_id":"1128283","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219","reference_id":"2440219","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-10","reference_id":"mfsa2026-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-10/","reference_id":"mfsa2026-10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-11","reference_id":"mfsa2026-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-11/","reference_id":"mfsa2026-11","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-11/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3967","reference_id":"RHSA-2026:3967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4447","reference_id":"RHSA-2026:4447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4629","reference_id":"RHSA-2026:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5227","reference_id":"RHSA-2026:5227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5228","reference_id":"RHSA-2026:5228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5229","reference_id":"RHSA-2026:5229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5230","reference_id":"RHSA-2026:5230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5231","reference_id":"RHSA-2026:5231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5319","reference_id":"RHSA-2026:5319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5320","reference_id":"RHSA-2026:5320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5323","reference_id":"RHSA-2026:5323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5324","reference_id":"RHSA-2026:5324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5326","reference_id":"RHSA-2026:5326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390","reference_id":"show_bug.cgi?id=2014390","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390"},{"reference_url":"https://usn.ubuntu.com/8053-1/","reference_id":"USN-8053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8053-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-2447"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vka-qus2-tbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62684?format=json","vulnerability_id":"VCID-8xek-k5y2-6bfp","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07536","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07637","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08368","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08547","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08605","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08522","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08463","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718","reference_id":"2450718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374","reference_id":"show_bug.cgi?id=2016374","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4689"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xek-k5y2-6bfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353251?format=json","vulnerability_id":"VCID-95et-ezmb-buau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6751","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18043","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18038","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17941","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460109","reference_id":"2460109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460109"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883","reference_id":"show_bug.cgi?id=2025883","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6751"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95et-ezmb-buau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349998?format=json","vulnerability_id":"VCID-9ag7-z86d-nba9","summary":"Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5734","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18556","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1828","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18413","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18576","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18547","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18365","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20018","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19988","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20101","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455897","reference_id":"2455897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455897"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505","reference_id":"buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068096?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-5734"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ag7-z86d-nba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353259?format=json","vulnerability_id":"VCID-9nbw-7c9e-13af","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6763","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12897","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17294","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17429","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17347","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17309","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17243","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17154","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460101","reference_id":"2460101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460101"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666","reference_id":"show_bug.cgi?id=2021666","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6763"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nbw-7c9e-13af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354949?format=json","vulnerability_id":"VCID-9uk1-zvat-5qc9","summary":"Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7320.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7320.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7320","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0871","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15285","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15039","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15362","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15258","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15164","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15242","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7320"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7320","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463483","reference_id":"2463483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463483"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-35/","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-37/","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-37/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-38/","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027433","reference_id":"show_bug.cgi?id=2027433","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:36:38Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027433"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-7320"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uk1-zvat-5qc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353258?format=json","vulnerability_id":"VCID-av7u-3g4m-mugm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6762","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12289","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13289","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13456","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13427","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13431","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13541","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13346","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460076","reference_id":"2460076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460076"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080","reference_id":"show_bug.cgi?id=2021080","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6762"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av7u-3g4m-mugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62701?format=json","vulnerability_id":"VCID-b4bq-q3ga-3ff1","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03554","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03727","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04389","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04387","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04325","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04339","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04393","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04556","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755","reference_id":"2450755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267","reference_id":"show_bug.cgi?id=2015267","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4707"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bq-q3ga-3ff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62691?format=json","vulnerability_id":"VCID-b6sf-z5tm-4uau","summary":"Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08422","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08451","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08375","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08507","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08445","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08301","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740","reference_id":"2450740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190","reference_id":"show_bug.cgi?id=2020190","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4696"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6sf-z5tm-4uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353250?format=json","vulnerability_id":"VCID-bwth-uepr-z7a3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6750","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12533","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13713","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13837","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13741","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13708","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13629","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13473","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14809","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460102","reference_id":"2460102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460102"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407","reference_id":"show_bug.cgi?id=2023407","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6750"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwth-uepr-z7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353246?format=json","vulnerability_id":"VCID-cjsm-7gxr-8ygw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6746","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19359","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1962","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19525","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19495","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460112","reference_id":"2460112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460112"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596","reference_id":"show_bug.cgi?id=2014596","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6746"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjsm-7gxr-8ygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353252?format=json","vulnerability_id":"VCID-d16s-p141-qbft","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6752","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15181","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19785","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.1988","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20031","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19943","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19919","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19949","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19862","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460078","reference_id":"2460078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460078"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499","reference_id":"show_bug.cgi?id=2027499","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6752"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d16s-p141-qbft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62694?format=json","vulnerability_id":"VCID-e2k8-m9sm-8uek","summary":"Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07367","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739","reference_id":"2450739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863","reference_id":"show_bug.cgi?id=2021863","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4699"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2k8-m9sm-8uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62697?format=json","vulnerability_id":"VCID-ft6u-geds-fua9","summary":"JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744","reference_id":"2450744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560","reference_id":"show_bug.cgi?id=2013560","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4702"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft6u-geds-fua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353263?format=json","vulnerability_id":"VCID-fxjm-ywug-f3d5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6767","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14892","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1481","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14769","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14679","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14546","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14764","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460086","reference_id":"2460086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460086"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209","reference_id":"show_bug.cgi?id=2023209","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjm-ywug-f3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62687?format=json","vulnerability_id":"VCID-gkva-6cu9-7keg","summary":"Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07112","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07741","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07792","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07933","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07945","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07876","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07769","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07958","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08006","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748","reference_id":"2450748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643","reference_id":"show_bug.cgi?id=2017643","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4692"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkva-6cu9-7keg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353267?format=json","vulnerability_id":"VCID-hk2m-rbdy-nqhc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6772","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15173","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15285","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15242","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15258","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15039","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15362","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15164","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460074","reference_id":"2460074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460074"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089","reference_id":"show_bug.cgi?id=2026089","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6772"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk2m-rbdy-nqhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62698?format=json","vulnerability_id":"VCID-hshc-4xnc-gug4","summary":"Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06077","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06049","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06068","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756","reference_id":"2450756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868","reference_id":"show_bug.cgi?id=2014868","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4704"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hshc-4xnc-gug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62711?format=json","vulnerability_id":"VCID-hstd-23qm-bqdg","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712","reference_id":"2450712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695","reference_id":"show_bug.cgi?id=2021695","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4717"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hstd-23qm-bqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62688?format=json","vulnerability_id":"VCID-j1hb-8jjy-tqgq","summary":"Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07367","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741","reference_id":"2450741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102","reference_id":"show_bug.cgi?id=2018102","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4693"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1hb-8jjy-tqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62707?format=json","vulnerability_id":"VCID-kuwd-6tcg-fuha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06205","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730","reference_id":"2450730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113","reference_id":"show_bug.cgi?id=2018113","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4713"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwd-6tcg-fuha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62695?format=json","vulnerability_id":"VCID-m6uv-91wz-xfdv","summary":"Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06091","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0594","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0689","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06619","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06638","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06764","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0683","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06832","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06853","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752","reference_id":"2450752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766","reference_id":"show_bug.cgi?id=2003766","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4700"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6uv-91wz-xfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353260?format=json","vulnerability_id":"VCID-ma29-qa7e-9qb4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6764","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17994","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1813","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18042","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18008","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18047","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17944","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1785","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460106","reference_id":"2460106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162","reference_id":"show_bug.cgi?id=2022162","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6764"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ma29-qa7e-9qb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62679?format=json","vulnerability_id":"VCID-mm6w-kpe8-4kg3","summary":"Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02837","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02935","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02941","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03692","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03733","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03623","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03687","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03682","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03645","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721","reference_id":"2450721","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129","reference_id":"show_bug.cgi?id=2011129","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4684"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm6w-kpe8-4kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354950?format=json","vulnerability_id":"VCID-ndwm-svz7-5uen","summary":"Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7321.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7321","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1113","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1364","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14003","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13883","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13796","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13878","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7321"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463485","reference_id":"2463485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463485"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029461","reference_id":"show_bug.cgi?id=2029461","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T14:48:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029461"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-7321"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwm-svz7-5uen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353264?format=json","vulnerability_id":"VCID-nge1-4cvg-zqb2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6769","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13548","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13434","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1344","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13201","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13464","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13356","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460108","reference_id":"2460108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460108"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753","reference_id":"show_bug.cgi?id=2023753","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6769"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nge1-4cvg-zqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62713?format=json","vulnerability_id":"VCID-nvsz-9s3r-nbhq","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01768","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01757","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01693","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0221","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02174","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02177","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02207","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02205","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02192","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742","reference_id":"2450742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864","reference_id":"show_bug.cgi?id=2014864","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4718"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsz-9s3r-nbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353268?format=json","vulnerability_id":"VCID-nyum-jpbc-abew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6776","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01775","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0177","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.022","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02181","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02169","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02185","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02184","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02155","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460110","reference_id":"2460110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460110"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770","reference_id":"show_bug.cgi?id=2021770","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6776"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyum-jpbc-abew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353270?format=json","vulnerability_id":"VCID-p6yz-xs58-u3gm","summary":"Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6786","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14113","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19823","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19704","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1974","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19657","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19732","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460088","reference_id":"2460088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460088"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6786"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yz-xs58-u3gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353269?format=json","vulnerability_id":"VCID-pfmd-zv8f-8bfc","summary":"Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6785","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20169","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20079","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20055","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20085","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19999","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460104","reference_id":"2460104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460104"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfmd-zv8f-8bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357130?format=json","vulnerability_id":"VCID-pszh-x9gd-xyg4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8094.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8094.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8094","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03317","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03038","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04341","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05669","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8094"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467706","reference_id":"2467706","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467706"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-41","reference_id":"mfsa2026-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-41/","reference_id":"mfsa2026-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-44","reference_id":"mfsa2026-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-44/","reference_id":"mfsa2026-44","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-44/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2035939","reference_id":"show_bug.cgi?id=2035939","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:35:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2035939"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1112931?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1"}],"aliases":["CVE-2026-8094"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pszh-x9gd-xyg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353255?format=json","vulnerability_id":"VCID-q689-wneh-hbdq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6757","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12224","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12429","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12356","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12332","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12275","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1214","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460085","reference_id":"2460085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460085"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588","reference_id":"show_bug.cgi?id=2013588","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6757"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q689-wneh-hbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353249?format=json","vulnerability_id":"VCID-q8qp-5szp-mfe8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6749","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15039","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15285","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15242","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15258","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15164","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15362","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15173","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460096","reference_id":"2460096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460096"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610","reference_id":"show_bug.cgi?id=2022610","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6749"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qp-5szp-mfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349995?format=json","vulnerability_id":"VCID-qbzp-euvv-q7c7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5732","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11778","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12843","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12742","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12738","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12758","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12621","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12717","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12824","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14248","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14121","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14111","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14153","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455908","reference_id":"2455908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455908"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017867","reference_id":"show_bug.cgi?id=2017867","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068096?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-5732"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbzp-euvv-q7c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62700?format=json","vulnerability_id":"VCID-qkks-24cp-gqg2","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07367","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714","reference_id":"2450714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091","reference_id":"show_bug.cgi?id=2015091","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4706"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkks-24cp-gqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62696?format=json","vulnerability_id":"VCID-rp5h-ym8y-skbw","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710","reference_id":"2450710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303","reference_id":"show_bug.cgi?id=2009303","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4701"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5h-ym8y-skbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353253?format=json","vulnerability_id":"VCID-ruqn-mk9t-57hb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6753","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18043","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17847","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18038","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17941","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460092","reference_id":"2460092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460092"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501","reference_id":"show_bug.cgi?id=2027501","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6753"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruqn-mk9t-57hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62680?format=json","vulnerability_id":"VCID-t4t3-5pt5-ayds","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07367","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724","reference_id":"2450724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349","reference_id":"show_bug.cgi?id=2016349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4685"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t3-5pt5-ayds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353266?format=json","vulnerability_id":"VCID-tv7r-qf2c-dqbm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6771","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14505","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19146","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19183","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19088","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19007","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19281","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460105","reference_id":"2460105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460105"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067","reference_id":"show_bug.cgi?id=2025067","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6771"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7r-qf2c-dqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62681?format=json","vulnerability_id":"VCID-u3j3-fc4f-7ff7","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07367","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734","reference_id":"2450734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351","reference_id":"show_bug.cgi?id=2016351","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4686"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j3-fc4f-7ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357132?format=json","vulnerability_id":"VCID-ufku-v5vq-4yef","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8091","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04656","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05436","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06457","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06647","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-42","reference_id":"mfsa2026-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-42/","reference_id":"mfsa2026-42","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-42/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029301","reference_id":"show_bug.cgi?id=2029301","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-08T22:31:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029301"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-8091"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufku-v5vq-4yef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353254?format=json","vulnerability_id":"VCID-w98r-yagc-kkec","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6754","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19359","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1962","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19525","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19495","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19535","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460075","reference_id":"2460075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460075"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541","reference_id":"show_bug.cgi?id=2027541","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6754"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w98r-yagc-kkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62692?format=json","vulnerability_id":"VCID-wmyy-2cg3-wyhc","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06077","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06049","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06068","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729","reference_id":"2450729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422","reference_id":"show_bug.cgi?id=2020422","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4697"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyy-2cg3-wyhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62685?format=json","vulnerability_id":"VCID-wqw2-gjvu-6qbu","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03754","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03848","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03807","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03808","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03813","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03956","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05562","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05479","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732","reference_id":"2450732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375","reference_id":"show_bug.cgi?id=2016375","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4690"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqw2-gjvu-6qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=json","vulnerability_id":"VCID-wvx2-pba2-sqha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06205","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735","reference_id":"2450735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268","reference_id":"show_bug.cgi?id=2015268","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4708"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvx2-pba2-sqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62689?format=json","vulnerability_id":"VCID-yjc2-2whn-uug5","summary":"Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05442","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06135","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06265","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06374","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747","reference_id":"2450747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430","reference_id":"show_bug.cgi?id=2018430","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4694"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjc2-2whn-uug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62704?format=json","vulnerability_id":"VCID-ymak-rv52-h7a5","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727","reference_id":"2450727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370","reference_id":"show_bug.cgi?id=2016370","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-4710"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymak-rv52-h7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353247?format=json","vulnerability_id":"VCID-z6tm-b352-5uhk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6747","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19218","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19079","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19114","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.18934","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1905","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19016","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460095","reference_id":"2460095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460095"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769","reference_id":"show_bug.cgi?id=2021769","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-6747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tm-b352-5uhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354951?format=json","vulnerability_id":"VCID-zkbj-717t-j3hw","summary":"Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7322.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7322","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19943","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19785","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20031","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19949","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19862","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19919","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463484","reference_id":"2463484","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463484"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-35/","reference_id":"mfsa2026-35","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","reference_id":"mfsa2026-36","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-37"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-37/","reference_id":"mfsa2026-37","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-37/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-38/","reference_id":"mfsa2026-38","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","reference_id":"mfsa2026-39","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-30T03:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1103564?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1"}],"aliases":["CVE-2026-7322"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkbj-717t-j3hw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62750?format=json","vulnerability_id":"VCID-1hay-xe3q-gyb4","summary":"Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2789","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04629","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05764","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05853","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05848","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05844","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0583","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442322","reference_id":"2442322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442322"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015179","reference_id":"show_bug.cgi?id=2015179","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:15:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015179"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2789"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hay-xe3q-gyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62718?format=json","vulnerability_id":"VCID-1u8u-pnq3-t7ae","summary":"Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2757","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21045","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21064","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21068","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21143","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442324","reference_id":"2442324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442324"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2001637","reference_id":"show_bug.cgi?id=2001637","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:39:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2001637"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2757"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u8u-pnq3-t7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62753?format=json","vulnerability_id":"VCID-1v2s-g46y-ybdc","summary":"Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2792","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21167","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.213","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21317","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21321","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21376","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21346","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21514","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21993","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21842","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2192","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21889","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21912","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442318","reference_id":"2442318","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442318"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331","reference_id":"buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2792"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v2s-g46y-ybdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62748?format=json","vulnerability_id":"VCID-3gmj-y8qd-ufej","summary":"Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2787","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04629","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05764","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05853","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05848","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05844","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0583","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442297","reference_id":"2442297","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442297"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014560","reference_id":"show_bug.cgi?id=2014560","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:02:37Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2787"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gmj-y8qd-ufej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62751?format=json","vulnerability_id":"VCID-3sg3-9yx7-fufa","summary":"Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2790","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06124","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0587","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05913","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05902","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05937","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05946","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05956","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05935","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05904","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07057","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07212","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07295","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07275","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07291","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442313","reference_id":"2442313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442313"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2008426","reference_id":"show_bug.cgi?id=2008426","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2008426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2790"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg3-9yx7-fufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62747?format=json","vulnerability_id":"VCID-4xqc-36jb-63c2","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2786","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05693","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0572","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05615","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05566","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05703","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05709","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14964","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442320","reference_id":"2442320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442320"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013612","reference_id":"show_bug.cgi?id=2013612","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:03:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2786"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqc-36jb-63c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62741?format=json","vulnerability_id":"VCID-5ept-fu7g-8kes","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2780","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04186","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04151","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04119","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04029","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05458","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05355","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05399","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05444","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05456","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05455","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442334","reference_id":"2442334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442334"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2007829","reference_id":"show_bug.cgi?id=2007829","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2007829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2780"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ept-fu7g-8kes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62766?format=json","vulnerability_id":"VCID-6cx1-8t9m-u3av","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0886","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04873","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04867","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04582","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04594","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04599","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04822","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04784","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04788","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04688","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04551","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04541","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04566","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428978","reference_id":"2428978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428978"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005658","reference_id":"show_bug.cgi?id=2005658","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005658"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0886"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cx1-8t9m-u3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62726?format=json","vulnerability_id":"VCID-6fsa-bnes-tkff","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2765","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0615","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06781","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06847","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06851","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442333","reference_id":"2442333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442333"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013562","reference_id":"show_bug.cgi?id=2013562","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2765"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fsa-bnes-tkff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62722?format=json","vulnerability_id":"VCID-7wmw-hpfw-vuaa","summary":"Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2761","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33986","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33605","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34007","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34054","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34053","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34348","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34375","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34344","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34415","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34453","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34443","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442309","reference_id":"2442309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442309"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011063","reference_id":"show_bug.cgi?id=2011063","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:52:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2761"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wmw-hpfw-vuaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62767?format=json","vulnerability_id":"VCID-8u4y-zrhv-8fe9","summary":"Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0887","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02915","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02759","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02691","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02701","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02851","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02823","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02839","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02872","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02883","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02884","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02714","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02737","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428972","reference_id":"2428972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428972"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2006500","reference_id":"show_bug.cgi?id=2006500","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2006500"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0887"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u4y-zrhv-8fe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62736?format=json","vulnerability_id":"VCID-8zy6-g8kn-hbdc","summary":"Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2775","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07645","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07695","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07619","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07651","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07669","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0767","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07586","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08173","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08201","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0799","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08123","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08255","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442314","reference_id":"2442314","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442314"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015199","reference_id":"show_bug.cgi?id=2015199","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:20:30Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015199"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2775"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zy6-g8kn-hbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62752?format=json","vulnerability_id":"VCID-9zxb-j4ep-n7g9","summary":"Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2791","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07455","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07499","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0741","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07523","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07461","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07443","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08078","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07811","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07947","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08018","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08003","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08027","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442342","reference_id":"2442342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442342"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015220","reference_id":"show_bug.cgi?id=2015220","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:10:15Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2791"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zxb-j4ep-n7g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62761?format=json","vulnerability_id":"VCID-a98z-hwzc-wkcj","summary":"Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0882","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05922","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05914","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05913","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05835","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05743","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05509","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05498","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05534","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428966","reference_id":"2428966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428966"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924125","reference_id":"show_bug.cgi?id=1924125","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924125"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0882"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a98z-hwzc-wkcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62719?format=json","vulnerability_id":"VCID-azdd-vdn3-kffy","summary":"Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2758","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21045","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21064","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21068","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21143","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442337","reference_id":"2442337","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442337"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009608","reference_id":"show_bug.cgi?id=2009608","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:44:21Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2758"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azdd-vdn3-kffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62725?format=json","vulnerability_id":"VCID-b5jm-57h2-2qcs","summary":"JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2764","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06534","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06651","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06637","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06626","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06515","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06543","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06646","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07215","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07232","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07147","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07236","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07259","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442329","reference_id":"2442329","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442329"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012608","reference_id":"show_bug.cgi?id=2012608","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:27:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2764"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5jm-57h2-2qcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62740?format=json","vulnerability_id":"VCID-b8dx-232z-qbbc","summary":"Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2779","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06847","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06781","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06851","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20162","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20097","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20101","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442327","reference_id":"2442327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442327"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1164141","reference_id":"show_bug.cgi?id=1164141","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:15:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1164141"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2779"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8dx-232z-qbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62746?format=json","vulnerability_id":"VCID-cpez-x3zd-p7bu","summary":"Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2785","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05693","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0572","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05615","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05566","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05703","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05709","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14964","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442284","reference_id":"2442284","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442284"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013549","reference_id":"show_bug.cgi?id=2013549","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:06:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013549"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpez-x3zd-p7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62768?format=json","vulnerability_id":"VCID-deth-9krh-kufj","summary":"Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0890","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04242","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03998","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03981","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03993","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04118","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04185","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04153","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0418","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04217","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04222","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04225","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04048","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428971","reference_id":"2428971","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428971"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005081","reference_id":"show_bug.cgi?id=2005081","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005081"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0890"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-deth-9krh-kufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62739?format=json","vulnerability_id":"VCID-dxwp-5jfs-nuew","summary":"Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2778","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08061","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08194","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0833","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08276","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08263","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442335","reference_id":"2442335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442335"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016358","reference_id":"show_bug.cgi?id=2016358","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:17:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016358"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2778"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxwp-5jfs-nuew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62737?format=json","vulnerability_id":"VCID-gcnq-avax-aqcv","summary":"Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2776","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08263","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08194","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0833","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08276","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08061","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442291","reference_id":"2442291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442291"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015266","reference_id":"show_bug.cgi?id=2015266","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:19:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015266"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2776"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcnq-avax-aqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62764?format=json","vulnerability_id":"VCID-h2gc-zk2a-1fg6","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0884","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07436","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0717","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.072","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07187","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07178","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07115","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07092","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07216","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07196","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07181","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07336","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07409","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07388","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07402","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07091","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07117","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428967","reference_id":"2428967","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428967"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003588","reference_id":"show_bug.cgi?id=2003588","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003588"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0884"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-zk2a-1fg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62723?format=json","vulnerability_id":"VCID-hsc9-up4x-nbgs","summary":"Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2762","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06847","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06781","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06851","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20162","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20097","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20101","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442308","reference_id":"2442308","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442308"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011649","reference_id":"show_bug.cgi?id=2011649","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:24:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011649"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2762"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsc9-up4x-nbgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62765?format=json","vulnerability_id":"VCID-jybh-8px4-pqau","summary":"Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0885","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06103","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05756","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05734","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05676","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05686","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05835","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05929","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06019","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06093","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06096","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05697","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05729","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428961","reference_id":"2428961","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428961"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003607","reference_id":"show_bug.cgi?id=2003607","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003607"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0885"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jybh-8px4-pqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62762?format=json","vulnerability_id":"VCID-kk2m-2mxz-sbex","summary":"Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14327","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01931","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01925","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01952","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02659","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0268","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02702","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03527","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03439","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03391","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03403","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03521","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03534","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03577","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420507","reference_id":"2420507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420507"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-92/","reference_id":"mfsa2025-92","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-92/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-95"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-95/","reference_id":"mfsa2025-95","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-95/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1970743","reference_id":"show_bug.cgi?id=1970743","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1970743"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2025-14327"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kk2m-2mxz-sbex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62724?format=json","vulnerability_id":"VCID-m3mp-su9k-sfhs","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2763","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06447","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06295","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07044","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07029","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07063","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06814","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06966","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442316","reference_id":"2442316","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442316"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012018","reference_id":"show_bug.cgi?id=2012018","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:25:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2763"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3mp-su9k-sfhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62754?format=json","vulnerability_id":"VCID-menq-g5ce-1yd8","summary":"Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2793","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21678","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21502","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21656","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21686","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21878","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2163","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21489","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22224","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22246","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22097","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22177","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22255","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22328","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442287","reference_id":"2442287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442287"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498","reference_id":"buglist.cgi?bug_id=2015196%2C2016423%2C2016498","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2793"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-menq-g5ce-1yd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62735?format=json","vulnerability_id":"VCID-mn6j-2wd1-ukfb","summary":"Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2774","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05833","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05914","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06795","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07053","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07015","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06993","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06999","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442290","reference_id":"2442290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442290"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014883","reference_id":"show_bug.cgi?id=2014883","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:21:15Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014883"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2774"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mn6j-2wd1-ukfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62758?format=json","vulnerability_id":"VCID-ndd4-kd1y-z7ep","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0878","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08003","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0784","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07838","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07739","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07865","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07789","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07767","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07874","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07942","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0793","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07955","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0778","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07827","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07783","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428965","reference_id":"2428965","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428965"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003989","reference_id":"show_bug.cgi?id=2003989","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003989"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0878"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndd4-kd1y-z7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62730?format=json","vulnerability_id":"VCID-nhsr-4zux-2bck","summary":"Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2769","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04987","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05017","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06099","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0619","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06182","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06164","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15536","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1566","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15526","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15612","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15667","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15634","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15468","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15462","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15724","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442295","reference_id":"2442295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442295"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014550","reference_id":"show_bug.cgi?id=2014550","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T14:20:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014550"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2769"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsr-4zux-2bck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62769?format=json","vulnerability_id":"VCID-nkpq-9gd6-nuc4","summary":"Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0891","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07116","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06643","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06674","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06724","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06757","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0682","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06821","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0686","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.071","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07081","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07096","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428963","reference_id":"2428963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428963"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278","reference_id":"buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkpq-9gd6-nuc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62728?format=json","vulnerability_id":"VCID-ntqr-ptmu-yuen","summary":"Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2767","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14998","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15056","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15054","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15016","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17591","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17413","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1751","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17474","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17512","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442328","reference_id":"2442328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442328"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013741","reference_id":"show_bug.cgi?id=2013741","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:10:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013741"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqr-ptmu-yuen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62732?format=json","vulnerability_id":"VCID-p9zh-7wyj-hffm","summary":"Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2771","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08461","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08385","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08518","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08434","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08456","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442288","reference_id":"2442288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442288"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014593","reference_id":"show_bug.cgi?id=2014593","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:30:32Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T01:45:06Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014593"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2771"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9zh-7wyj-hffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62759?format=json","vulnerability_id":"VCID-pemg-ndu8-wbbc","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0879","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07528","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07331","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07319","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07229","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07513","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0753","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07462","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07313","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07299","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07325","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07235","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07309","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0879"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428973","reference_id":"2428973","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428973"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004602","reference_id":"show_bug.cgi?id=2004602","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004602"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0879"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pemg-ndu8-wbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62738?format=json","vulnerability_id":"VCID-q1pv-avug-juef","summary":"Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2777","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19894","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1977","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19874","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19876","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19871","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20117","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19843","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19923","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19977","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19952","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20059","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20518","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20532","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20383","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20455","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20541","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20614","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442312","reference_id":"2442312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442312"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015305","reference_id":"show_bug.cgi?id=2015305","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:56:06Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2777"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1pv-avug-juef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62755?format=json","vulnerability_id":"VCID-qcxw-ds31-3ubd","summary":"When a user explicitly requested Thunderbird to decrypt an inline\nOpenPGP message that was embedded in a text section of an email\nthat was formatted and styled with HTML and CSS, then the\ndecrypted contents were rendered in a context in which the CSS\nstyles from the outer messages were active. If the user had\nadditionally allowed loading of the remote content referenced by\nthe outer email message, and the email was crafted by the sender\nusing a combination of CSS rules and fonts and animations, then\nit was possible to extract the secret contents of the email.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0818.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0818","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00374","published_at":"2026-04-02T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00376","published_at":"2026-04-04T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00537","published_at":"2026-05-14T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00508","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00513","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00545","published_at":"2026-04-21T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00541","published_at":"2026-05-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00543","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00549","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00547","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00536","published_at":"2026-05-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00534","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00515","published_at":"2026-04-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00512","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00511","published_at":"2026-04-13T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00509","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0818"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433720","reference_id":"2433720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433720"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-07","reference_id":"mfsa2026-07","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-07/","reference_id":"mfsa2026-07","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:50:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-07/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-08","reference_id":"mfsa2026-08","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-08"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-08/","reference_id":"mfsa2026-08","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:50:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-08/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1881530","reference_id":"show_bug.cgi?id=1881530","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:50:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1881530"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0818"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcxw-ds31-3ubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62760?format=json","vulnerability_id":"VCID-qm8f-f8nr-qba9","summary":"Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0880","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05922","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05914","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05913","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05835","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05743","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05509","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05498","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05534","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428975","reference_id":"2428975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428975"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005014","reference_id":"show_bug.cgi?id=2005014","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005014"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0880"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm8f-f8nr-qba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62749?format=json","vulnerability_id":"VCID-qta2-8rnt-k7d1","summary":"Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2788","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06447","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06295","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07044","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07029","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07063","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06814","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06966","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442302","reference_id":"2442302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442302"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014824","reference_id":"show_bug.cgi?id=2014824","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:11:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2788"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qta2-8rnt-k7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62734?format=json","vulnerability_id":"VCID-r7vt-w149-9bfn","summary":"Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2773","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07941","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07845","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07927","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07891","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08434","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08461","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08518","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08385","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08456","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442319","reference_id":"2442319","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442319"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014832","reference_id":"show_bug.cgi?id=2014832","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:37:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014832"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2773"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7vt-w149-9bfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62744?format=json","vulnerability_id":"VCID-sgwe-9xfj-6kav","summary":"Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2783","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12101","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12121","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12003","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12007","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12149","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14281","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14069","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14157","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14146","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14187","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442300","reference_id":"2442300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442300"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010943","reference_id":"show_bug.cgi?id=2010943","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:09:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010943"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2783"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgwe-9xfj-6kav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62731?format=json","vulnerability_id":"VCID-ss9j-7jd7-nbf1","summary":"Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2770","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.035","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03498","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03551","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03494","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04877","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04915","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04922","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04919","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04831","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442343","reference_id":"2442343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442343"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014585","reference_id":"show_bug.cgi?id=2014585","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2770"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9j-7jd7-nbf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62757?format=json","vulnerability_id":"VCID-t2c3-smqc-zkba","summary":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0877","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06751","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0672","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0633","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06257","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06302","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06704","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06696","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06504","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06445","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06429","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0627","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06278","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428969","reference_id":"2428969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428969"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-02/","reference_id":"mfsa2026-02","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1999257","reference_id":"show_bug.cgi?id=1999257","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1999257"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0877"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2c3-smqc-zkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62729?format=json","vulnerability_id":"VCID-te1e-sjsk-bfd8","summary":"Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2768","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26573","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26644","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26651","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26923","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26767","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26869","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26866","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26818","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2696","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27536","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27441","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27501","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27523","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27444","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2746","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442298","reference_id":"2442298","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442298"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014101","reference_id":"show_bug.cgi?id=2014101","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T21:02:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014101"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2768"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te1e-sjsk-bfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62727?format=json","vulnerability_id":"VCID-ud33-vgxh-8khj","summary":"Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2766","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06358","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0615","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06781","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06847","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06851","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442294","reference_id":"2442294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442294"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013583","reference_id":"show_bug.cgi?id=2013583","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:31:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013583"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2766"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud33-vgxh-8khj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=json","vulnerability_id":"VCID-vszp-vyxy-f7g7","summary":"Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15369","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15373","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15332","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17922","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17645","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1784","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17802","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17839","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292","reference_id":"2442292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552","reference_id":"show_bug.cgi?id=2009552","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552"},{"reference_url":"https://usn.ubuntu.com/8071-1/","reference_id":"USN-8071-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-1/"},{"reference_url":"https://usn.ubuntu.com/8071-2/","reference_id":"USN-8071-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2781"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62743?format=json","vulnerability_id":"VCID-w4u8-25rz-gqeq","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2782","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15785","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15787","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15771","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15717","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15795","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15863","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15864","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15979","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18373","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18099","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18188","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18288","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18254","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18282","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442331","reference_id":"2442331","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442331"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010743","reference_id":"show_bug.cgi?id=2010743","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2782"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4u8-25rz-gqeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62721?format=json","vulnerability_id":"VCID-wagm-cq36-k7g3","summary":"Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2760","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22899","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23071","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23631","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23651","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23535","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23617","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23685","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23745","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442325","reference_id":"2442325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442325"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011062","reference_id":"show_bug.cgi?id=2011062","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:49:35Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011062"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2760"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wagm-cq36-k7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62720?format=json","vulnerability_id":"VCID-wwdh-xmux-3qdq","summary":"Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2759","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21045","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21064","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21068","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21143","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442307","reference_id":"2442307","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442307"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010933","reference_id":"show_bug.cgi?id=2010933","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T15:46:43Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2010933"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2759"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwdh-xmux-3qdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62745?format=json","vulnerability_id":"VCID-wwkc-4c69-cbea","summary":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2784","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06154","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06184","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06654","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06704","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0659","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06462","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06661","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06676","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19488","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19714","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19567","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1962","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19491","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442304","reference_id":"2442304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442304"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012984","reference_id":"show_bug.cgi?id=2012984","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T03:13:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2012984"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2784"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkc-4c69-cbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62733?format=json","vulnerability_id":"VCID-xcbn-tkgg-4ben","summary":"Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2772","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04874","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04801","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04886","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04836","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05861","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0595","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06034","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06024","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06005","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442326","reference_id":"2442326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442326"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-14/","reference_id":"mfsa2026-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014827","reference_id":"show_bug.cgi?id=2014827","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:16:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-2772"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcbn-tkgg-4ben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62763?format=json","vulnerability_id":"VCID-zdxh-fp2e-47dd","summary":"Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0883","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03274","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03034","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03158","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0317","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03195","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03231","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0324","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03106","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428968","reference_id":"2428968","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428968"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-01/","reference_id":"mfsa2026-01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-03/","reference_id":"mfsa2026-03","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-04/","reference_id":"mfsa2026-04","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-05/","reference_id":"mfsa2026-05","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0667","reference_id":"RHSA-2026:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0694","reference_id":"RHSA-2026:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0924","reference_id":"RHSA-2026:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1320","reference_id":"RHSA-2026:1320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1413","reference_id":"RHSA-2026:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1414","reference_id":"RHSA-2026:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1415","reference_id":"RHSA-2026:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1461","reference_id":"RHSA-2026:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1462","reference_id":"RHSA-2026:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1471","reference_id":"RHSA-2026:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1487","reference_id":"RHSA-2026:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2041","reference_id":"RHSA-2026:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2043","reference_id":"RHSA-2026:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2044","reference_id":"RHSA-2026:2044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2047","reference_id":"RHSA-2026:2047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2069","reference_id":"RHSA-2026:2069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2070","reference_id":"RHSA-2026:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2073","reference_id":"RHSA-2026:2073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2074","reference_id":"RHSA-2026:2074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2220","reference_id":"RHSA-2026:2220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2231","reference_id":"RHSA-2026:2231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2271","reference_id":"RHSA-2026:2271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2286","reference_id":"RHSA-2026:2286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2286"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989340","reference_id":"show_bug.cgi?id=1989340","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989340"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049806?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13he-qsr4-h3d4"},{"vulnerability":"VCID-15j8-br8z-juf3"},{"vulnerability":"VCID-1fv1-edht-ufag"},{"vulnerability":"VCID-1y9d-wx59-fyh2"},{"vulnerability":"VCID-23eu-22t2-cydd"},{"vulnerability":"VCID-26d3-ctnj-7kbh"},{"vulnerability":"VCID-289s-f2w6-53g9"},{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-351y-4nek-u3aw"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3grf-hwk1-3fh8"},{"vulnerability":"VCID-3kd3-hwzv-efbn"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-3xgu-7evz-mffw"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-4q6w-tdk9-d3an"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-646f-ndeq-5bee"},{"vulnerability":"VCID-675n-7uzz-pqdj"},{"vulnerability":"VCID-6mur-mtfg-97gt"},{"vulnerability":"VCID-77y6-jskt-qucb"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-8qyy-e4jt-rbc4"},{"vulnerability":"VCID-8vka-qus2-tbhj"},{"vulnerability":"VCID-8xek-k5y2-6bfp"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-9uk1-zvat-5qc9"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-b4bq-q3ga-3ff1"},{"vulnerability":"VCID-b6sf-z5tm-4uau"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-e2k8-m9sm-8uek"},{"vulnerability":"VCID-ft6u-geds-fua9"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-gkva-6cu9-7keg"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-hshc-4xnc-gug4"},{"vulnerability":"VCID-hstd-23qm-bqdg"},{"vulnerability":"VCID-j1hb-8jjy-tqgq"},{"vulnerability":"VCID-kuwd-6tcg-fuha"},{"vulnerability":"VCID-m6uv-91wz-xfdv"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-mm6w-kpe8-4kg3"},{"vulnerability":"VCID-ndwm-svz7-5uen"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nvsz-9s3r-nbhq"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-qkks-24cp-gqg2"},{"vulnerability":"VCID-rp5h-ym8y-skbw"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-t4t3-5pt5-ayds"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-u3j3-fc4f-7ff7"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-wmyy-2cg3-wyhc"},{"vulnerability":"VCID-wqw2-gjvu-6qbu"},{"vulnerability":"VCID-wvx2-pba2-sqha"},{"vulnerability":"VCID-yjc2-2whn-uug5"},{"vulnerability":"VCID-ymak-rv52-h7a5"},{"vulnerability":"VCID-z6tm-b352-5uhk"},{"vulnerability":"VCID-zkbj-717t-j3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}],"aliases":["CVE-2026-0883"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxh-fp2e-47dd"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1"}