{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","type":"deb","namespace":"debian","name":"thunderbird","version":"1:102.8.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:102.9.0-1~deb11u1","latest_non_vulnerable_version":"1:140.11.0esr-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14929?format=json","vulnerability_id":"VCID-146p-gdus-sbh1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0767","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48393","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170377","reference_id":"2170377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170377"},{"reference_url":"https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html","reference_id":"ALAS-2023-1992.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1252","reference_id":"RHSA-2023:1252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1332","reference_id":"RHSA-2023:1332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1365","reference_id":"RHSA-2023:1365","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1366","reference_id":"RHSA-2023:1366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1368","reference_id":"RHSA-2023:1368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1369","reference_id":"RHSA-2023:1369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1370","reference_id":"RHSA-2023:1370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1406","reference_id":"RHSA-2023:1406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1436","reference_id":"RHSA-2023:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1442","reference_id":"RHSA-2023:1442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1443","reference_id":"RHSA-2023:1443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1444","reference_id":"RHSA-2023:1444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1445","reference_id":"RHSA-2023:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1472","reference_id":"RHSA-2023:1472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1479","reference_id":"RHSA-2023:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1677","reference_id":"RHSA-2023:1677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1677"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804640","reference_id":"show_bug.cgi?id=1804640","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804640"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5892-1/","reference_id":"USN-5892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5892-1/"},{"reference_url":"https://usn.ubuntu.com/5892-2/","reference_id":"USN-5892-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5892-2/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-0767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-146p-gdus-sbh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129105?format=json","vulnerability_id":"VCID-2hsy-7yvg-27fb","summary":"Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25739.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25739","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43245","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170381","reference_id":"2170381","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170381"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811939","reference_id":"show_bug.cgi?id=1811939","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811939"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"},{"reference_url":"https://usn.ubuntu.com/6120-1/","reference_id":"USN-6120-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6120-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsy-7yvg-27fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129174?format=json","vulnerability_id":"VCID-2uhf-ar3k-4qdr","summary":"When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25742.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25742","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31191","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170390","reference_id":"2170390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170390"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:15:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:15:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:15:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1813424","reference_id":"show_bug.cgi?id=1813424","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:15:37Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1813424"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25742"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uhf-ar3k-4qdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129114?format=json","vulnerability_id":"VCID-5a3y-radv-j7e3","summary":"Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25746.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25746","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34666","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170402","reference_id":"2170402","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170402"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368","reference_id":"buglist.cgi?bug_id=1544127%2C1762368","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T19:10:21Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T19:10:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T19:10:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25746"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5a3y-radv-j7e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129447?format=json","vulnerability_id":"VCID-78jx-q4zz-aba1","summary":"Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25744.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25744","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34666","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170391","reference_id":"2170391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170391"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536","reference_id":"buglist.cgi?bug_id=1789449%2C1803628%2C1810536","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:10:45Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:10:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:10:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78jx-q4zz-aba1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129539?format=json","vulnerability_id":"VCID-akxy-w512-qqe9","summary":"The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25728.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25728","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42146","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170374","reference_id":"2170374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170374"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:40:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:40:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:40:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1790345","reference_id":"show_bug.cgi?id=1790345","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:40:01Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1790345"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25728"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akxy-w512-qqe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129264?format=json","vulnerability_id":"VCID-cjyk-amwj-7kf7","summary":"An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25737.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25737","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3826","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170379","reference_id":"2170379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170379"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:10:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:10:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:10:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811464","reference_id":"show_bug.cgi?id=1811464","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:10:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811464"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25737"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjyk-amwj-7kf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129043?format=json","vulnerability_id":"VCID-mqd7-aqzz-9kbt","summary":"Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25735.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25735","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37466","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170378","reference_id":"2170378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170378"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810711","reference_id":"show_bug.cgi?id=1810711","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810711"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"},{"reference_url":"https://usn.ubuntu.com/6120-1/","reference_id":"USN-6120-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6120-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25735"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqd7-aqzz-9kbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129527?format=json","vulnerability_id":"VCID-ruvd-z97u-xfbf","summary":"Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25729.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25729","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31094","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170382","reference_id":"2170382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170382"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1792138","reference_id":"show_bug.cgi?id=1792138","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruvd-z97u-xfbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129421?format=json","vulnerability_id":"VCID-t4a9-4um6-m3az","summary":"When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25732.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25732.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25732","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3573","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170383","reference_id":"2170383","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170383"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T21:12:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T21:12:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T21:12:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804564","reference_id":"show_bug.cgi?id=1804564","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T21:12:13Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804564"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25732"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4a9-4um6-m3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148642?format=json","vulnerability_id":"VCID-u6u8-qjr6-6fdy","summary":"If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0616.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0616","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57994","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2171397","reference_id":"2171397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2171397"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:18:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806507","reference_id":"show_bug.cgi?id=1806507","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:18:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806507"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-0616"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u6u8-qjr6-6fdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129058?format=json","vulnerability_id":"VCID-xwzt-tr6t-zba9","summary":"A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25730.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25730.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25730","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28345","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170375","reference_id":"2170375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170375"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0805","reference_id":"RHSA-2023:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0806","reference_id":"RHSA-2023:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0807","reference_id":"RHSA-2023:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0808","reference_id":"RHSA-2023:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0809","reference_id":"RHSA-2023:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0810","reference_id":"RHSA-2023:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0811","reference_id":"RHSA-2023:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0812","reference_id":"RHSA-2023:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0817","reference_id":"RHSA-2023:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0818","reference_id":"RHSA-2023:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0819","reference_id":"RHSA-2023:0819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0820","reference_id":"RHSA-2023:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0821","reference_id":"RHSA-2023:0821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0822","reference_id":"RHSA-2023:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0823","reference_id":"RHSA-2023:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0824","reference_id":"RHSA-2023:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0824"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794622","reference_id":"show_bug.cgi?id=1794622","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794622"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105420?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105425?format=json","purl":"pkg:deb/debian/thunderbird@1:102.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105328?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105326?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105330?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105329?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25730"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwzt-tr6t-zba9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.8.0-1%3Fdistro=trixie"}