{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","type":"deb","namespace":"debian","name":"thunderbird","version":"1:102.5.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:102.5.1-1","latest_non_vulnerable_version":"1:140.11.0esr-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180017?format=json","vulnerability_id":"VCID-2x59-7m54-d7hs","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45408.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45408","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38082","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143201","reference_id":"2143201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143201"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2x59-7m54-d7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166138?format=json","vulnerability_id":"VCID-6h91-4afu-gbhr","summary":"The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45409.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45409.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45409","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.499","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143202","reference_id":"2143202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143202"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:38:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:38:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:38:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1796901","reference_id":"show_bug.cgi?id=1796901","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:38:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1796901"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45409"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6h91-4afu-gbhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180018?format=json","vulnerability_id":"VCID-8wgr-hrwx-uuep","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45418.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45418","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39139","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143241","reference_id":"2143241","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143241"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45418"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wgr-hrwx-uuep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166064?format=json","vulnerability_id":"VCID-9s4j-m53q-gbdp","summary":"If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45406.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45406.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45406","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.623","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143200","reference_id":"2143200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143200"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:46:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:46:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:46:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1791975","reference_id":"show_bug.cgi?id=1791975","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:46:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1791975"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45406"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9s4j-m53q-gbdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165788?format=json","vulnerability_id":"VCID-cvg4-7g6d-a7fr","summary":"Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45403.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45403","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40411","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143197","reference_id":"2143197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143197"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:17:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:17:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:17:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1762078","reference_id":"show_bug.cgi?id=1762078","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:17:40Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1762078"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45403"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvg4-7g6d-a7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165710?format=json","vulnerability_id":"VCID-f2eb-uchc-m3gf","summary":"When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45410.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45410.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45410","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35766","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143203","reference_id":"2143203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143203"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:35:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:35:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:35:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1658869","reference_id":"show_bug.cgi?id=1658869","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:35:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1658869"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45410"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2eb-uchc-m3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180019?format=json","vulnerability_id":"VCID-f92c-u3sd-efgx","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45420.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45420.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45420","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33774","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143242","reference_id":"2143242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143242"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45420"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f92c-u3sd-efgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165683?format=json","vulnerability_id":"VCID-g78u-1nmy-63hw","summary":"Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45404.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45404","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38345","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143198","reference_id":"2143198","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143198"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1790815","reference_id":"show_bug.cgi?id=1790815","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1790815"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45404"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g78u-1nmy-63hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166154?format=json","vulnerability_id":"VCID-gte5-k2kh-2qbr","summary":"Keyboard events reference strings like \"KeyA\" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45416.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45416","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40531","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143240","reference_id":"2143240","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143240"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1793676","reference_id":"show_bug.cgi?id=1793676","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:21Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1793676"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45416"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gte5-k2kh-2qbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165642?format=json","vulnerability_id":"VCID-h6z2-ghgz-nudd","summary":"Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45405.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45405.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45405","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143199","reference_id":"2143199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143199"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:10:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:10:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:10:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1791314","reference_id":"show_bug.cgi?id=1791314","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:10:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1791314"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45405"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6z2-ghgz-nudd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166005?format=json","vulnerability_id":"VCID-qm9c-zgzt-hfcd","summary":"Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45421.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45421","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.499","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143243","reference_id":"2143243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143243"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1767920%2C1789808%2C1794061","reference_id":"buglist.cgi?bug_id=1767920%2C1789808%2C1794061","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:14:39Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1767920%2C1789808%2C1794061"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:14:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:14:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:14:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45421"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm9c-zgzt-hfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166077?format=json","vulnerability_id":"VCID-t2ng-x56w-2yfz","summary":"When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45412.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45412","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43834","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143205","reference_id":"2143205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143205"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:04:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:04:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:04:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1791029","reference_id":"show_bug.cgi?id=1791029","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:04:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1791029"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45412"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ng-x56w-2yfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165947?format=json","vulnerability_id":"VCID-z4mv-dqna-77gu","summary":"Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45411.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45411.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45411","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43062","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143204","reference_id":"2143204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143204"},{"reference_url":"https://security.gentoo.org/glsa/202211-05","reference_id":"GLSA-202211-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","reference_id":"mfsa2022-47","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:08:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","reference_id":"mfsa2022-48","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:08:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","reference_id":"mfsa2022-49","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:08:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8543","reference_id":"RHSA-2022:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8544","reference_id":"RHSA-2022:8544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8545","reference_id":"RHSA-2022:8545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8547","reference_id":"RHSA-2022:8547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8548","reference_id":"RHSA-2022:8548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8549","reference_id":"RHSA-2022:8549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8550","reference_id":"RHSA-2022:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8552","reference_id":"RHSA-2022:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8553","reference_id":"RHSA-2022:8553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8554","reference_id":"RHSA-2022:8554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8555","reference_id":"RHSA-2022:8555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8556","reference_id":"RHSA-2022:8556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8561","reference_id":"RHSA-2022:8561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8580","reference_id":"RHSA-2022:8580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8979","reference_id":"RHSA-2022:8979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8980","reference_id":"RHSA-2022:8980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1790311","reference_id":"show_bug.cgi?id=1790311","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:08:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1790311"},{"reference_url":"https://usn.ubuntu.com/5726-1/","reference_id":"USN-5726-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5726-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105416?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105415?format=json","purl":"pkg:deb/debian/thunderbird@1:102.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45411"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4mv-dqna-77gu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.5.0-1%3Fdistro=trixie"}