{"url":"http://public2.vulnerablecode.io/api/packages/1066720?format=json","purl":"pkg:rpm/redhat/firefox@140.9.0-1?arch=el8_4","type":"rpm","namespace":"redhat","name":"firefox","version":"140.9.0-1","qualifiers":{"arch":"el8_4"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62703?format=json","vulnerability_id":"VCID-13he-qsr4-h3d4","summary":"Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07156","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726","reference_id":"2450726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329","reference_id":"show_bug.cgi?id=2016329","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342","reference_id":"show_bug.cgi?id=2016342","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342"}],"fixed_packages":[],"aliases":["CVE-2026-4709"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13he-qsr4-h3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62709?format=json","vulnerability_id":"VCID-1fv1-edht-ufag","summary":"Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723","reference_id":"2450723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405","reference_id":"show_bug.cgi?id=2018405","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"}],"fixed_packages":[],"aliases":["CVE-2026-4715"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fv1-edht-ufag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62708?format=json","vulnerability_id":"VCID-23eu-22t2-cydd","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725","reference_id":"2450725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126","reference_id":"show_bug.cgi?id=2018126","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126"}],"fixed_packages":[],"aliases":["CVE-2026-4714"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23eu-22t2-cydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62686?format=json","vulnerability_id":"VCID-26d3-ctnj-7kbh","summary":"Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10204","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10264","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10131","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11121","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11187","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738","reference_id":"2450738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512","reference_id":"show_bug.cgi?id=2017512","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512"}],"fixed_packages":[],"aliases":["CVE-2026-4691"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26d3-ctnj-7kbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62710?format=json","vulnerability_id":"VCID-289s-f2w6-53g9","summary":"Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720","reference_id":"2450720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592","reference_id":"show_bug.cgi?id=2018592","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"}],"fixed_packages":[],"aliases":["CVE-2026-4716"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-289s-f2w6-53g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62693?format=json","vulnerability_id":"VCID-351y-4nek-u3aw","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12851","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12871","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13883","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719","reference_id":"2450719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906","reference_id":"show_bug.cgi?id=2020906","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906"}],"fixed_packages":[],"aliases":["CVE-2026-4698"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-351y-4nek-u3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62714?format=json","vulnerability_id":"VCID-3grf-hwk1-3fh8","summary":"Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746","reference_id":"2450746","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367","reference_id":"show_bug.cgi?id=2016367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367"}],"fixed_packages":[],"aliases":["CVE-2026-4719"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3grf-hwk1-3fh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62716?format=json","vulnerability_id":"VCID-3kd3-hwzv-efbn","summary":"Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06155","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06184","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06198","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06352","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07015","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06999","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711","reference_id":"2450711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_id":"buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[],"aliases":["CVE-2026-4721"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kd3-hwzv-efbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62699?format=json","vulnerability_id":"VCID-3xgu-7evz-mffw","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0563","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0562","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05769","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06284","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722","reference_id":"2450722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873","reference_id":"show_bug.cgi?id=2014873","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873"}],"fixed_packages":[],"aliases":["CVE-2026-4705"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xgu-7evz-mffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62715?format=json","vulnerability_id":"VCID-4q6w-tdk9-d3an","summary":"Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751","reference_id":"2450751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_id":"buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[],"aliases":["CVE-2026-4720"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q6w-tdk9-d3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62705?format=json","vulnerability_id":"VCID-4r8e-64b6-bbbu","summary":"Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4711.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4711","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4711"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450733","reference_id":"2450733","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450733"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017002","reference_id":"show_bug.cgi?id=2017002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017002"}],"fixed_packages":[],"aliases":["CVE-2026-4711"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r8e-64b6-bbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62682?format=json","vulnerability_id":"VCID-646f-ndeq-5bee","summary":"Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06425","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07217","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07233","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757","reference_id":"2450757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368","reference_id":"show_bug.cgi?id=2016368","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368"}],"fixed_packages":[],"aliases":["CVE-2026-4687"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-646f-ndeq-5bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62683?format=json","vulnerability_id":"VCID-675n-7uzz-pqdj","summary":"Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05519","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06095","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06089","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713","reference_id":"2450713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373","reference_id":"show_bug.cgi?id=2016373","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373"}],"fixed_packages":[],"aliases":["CVE-2026-4688"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-675n-7uzz-pqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62690?format=json","vulnerability_id":"VCID-8qyy-e4jt-rbc4","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715","reference_id":"2450715","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030","reference_id":"show_bug.cgi?id=2020030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030"}],"fixed_packages":[],"aliases":["CVE-2026-4695"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qyy-e4jt-rbc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62684?format=json","vulnerability_id":"VCID-8xek-k5y2-6bfp","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07536","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07637","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08368","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08321","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718","reference_id":"2450718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374","reference_id":"show_bug.cgi?id=2016374","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374"}],"fixed_packages":[],"aliases":["CVE-2026-4689"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xek-k5y2-6bfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62701?format=json","vulnerability_id":"VCID-b4bq-q3ga-3ff1","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03727","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03554","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04325","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04339","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755","reference_id":"2450755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267","reference_id":"show_bug.cgi?id=2015267","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267"}],"fixed_packages":[],"aliases":["CVE-2026-4707"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bq-q3ga-3ff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62691?format=json","vulnerability_id":"VCID-b6sf-z5tm-4uau","summary":"Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08301","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740","reference_id":"2450740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190","reference_id":"show_bug.cgi?id=2020190","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190"}],"fixed_packages":[],"aliases":["CVE-2026-4696"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6sf-z5tm-4uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62694?format=json","vulnerability_id":"VCID-e2k8-m9sm-8uek","summary":"Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739","reference_id":"2450739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863","reference_id":"show_bug.cgi?id=2021863","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863"}],"fixed_packages":[],"aliases":["CVE-2026-4699"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2k8-m9sm-8uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62706?format=json","vulnerability_id":"VCID-efvs-1tuf-guf4","summary":"Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4712.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4712","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0355","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03475","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03499","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03549","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03572","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03461","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04377","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04351","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450728","reference_id":"2450728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450728"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017666","reference_id":"show_bug.cgi?id=2017666","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017666"}],"fixed_packages":[],"aliases":["CVE-2026-4712"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efvs-1tuf-guf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62697?format=json","vulnerability_id":"VCID-ft6u-geds-fua9","summary":"JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744","reference_id":"2450744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560","reference_id":"show_bug.cgi?id=2013560","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"}],"fixed_packages":[],"aliases":["CVE-2026-4702"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft6u-geds-fua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62687?format=json","vulnerability_id":"VCID-gkva-6cu9-7keg","summary":"Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07112","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07741","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07769","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07792","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748","reference_id":"2450748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643","reference_id":"show_bug.cgi?id=2017643","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643"}],"fixed_packages":[],"aliases":["CVE-2026-4692"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkva-6cu9-7keg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62698?format=json","vulnerability_id":"VCID-hshc-4xnc-gug4","summary":"Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756","reference_id":"2450756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868","reference_id":"show_bug.cgi?id=2014868","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868"}],"fixed_packages":[],"aliases":["CVE-2026-4704"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hshc-4xnc-gug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62711?format=json","vulnerability_id":"VCID-hstd-23qm-bqdg","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712","reference_id":"2450712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695","reference_id":"show_bug.cgi?id=2021695","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695"}],"fixed_packages":[],"aliases":["CVE-2026-4717"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hstd-23qm-bqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62688?format=json","vulnerability_id":"VCID-j1hb-8jjy-tqgq","summary":"Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741","reference_id":"2450741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102","reference_id":"show_bug.cgi?id=2018102","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102"}],"fixed_packages":[],"aliases":["CVE-2026-4693"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1hb-8jjy-tqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62707?format=json","vulnerability_id":"VCID-kuwd-6tcg-fuha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730","reference_id":"2450730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113","reference_id":"show_bug.cgi?id=2018113","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113"}],"fixed_packages":[],"aliases":["CVE-2026-4713"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwd-6tcg-fuha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62695?format=json","vulnerability_id":"VCID-m6uv-91wz-xfdv","summary":"Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0594","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06091","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06638","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06619","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752","reference_id":"2450752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766","reference_id":"show_bug.cgi?id=2003766","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766"}],"fixed_packages":[],"aliases":["CVE-2026-4700"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6uv-91wz-xfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62679?format=json","vulnerability_id":"VCID-mm6w-kpe8-4kg3","summary":"Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02837","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02935","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02941","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03623","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721","reference_id":"2450721","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129","reference_id":"show_bug.cgi?id=2011129","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"}],"fixed_packages":[],"aliases":["CVE-2026-4684"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm6w-kpe8-4kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62713?format=json","vulnerability_id":"VCID-nvsz-9s3r-nbhq","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01693","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01768","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01757","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02174","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02185","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742","reference_id":"2450742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864","reference_id":"show_bug.cgi?id=2014864","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864"}],"fixed_packages":[],"aliases":["CVE-2026-4718"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsz-9s3r-nbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62700?format=json","vulnerability_id":"VCID-qkks-24cp-gqg2","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714","reference_id":"2450714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091","reference_id":"show_bug.cgi?id=2015091","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091"}],"fixed_packages":[],"aliases":["CVE-2026-4706"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkks-24cp-gqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62696?format=json","vulnerability_id":"VCID-rp5h-ym8y-skbw","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710","reference_id":"2450710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303","reference_id":"show_bug.cgi?id=2009303","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303"}],"fixed_packages":[],"aliases":["CVE-2026-4701"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5h-ym8y-skbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62680?format=json","vulnerability_id":"VCID-t4t3-5pt5-ayds","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724","reference_id":"2450724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349","reference_id":"show_bug.cgi?id=2016349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349"}],"fixed_packages":[],"aliases":["CVE-2026-4685"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t3-5pt5-ayds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62681?format=json","vulnerability_id":"VCID-u3j3-fc4f-7ff7","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07131","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734","reference_id":"2450734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351","reference_id":"show_bug.cgi?id=2016351","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351"}],"fixed_packages":[],"aliases":["CVE-2026-4686"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j3-fc4f-7ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62692?format=json","vulnerability_id":"VCID-wmyy-2cg3-wyhc","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729","reference_id":"2450729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422","reference_id":"show_bug.cgi?id=2020422","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}],"fixed_packages":[],"aliases":["CVE-2026-4697"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyy-2cg3-wyhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62685?format=json","vulnerability_id":"VCID-wqw2-gjvu-6qbu","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03754","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05562","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05479","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732","reference_id":"2450732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375","reference_id":"show_bug.cgi?id=2016375","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375"}],"fixed_packages":[],"aliases":["CVE-2026-4690"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqw2-gjvu-6qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=json","vulnerability_id":"VCID-wvx2-pba2-sqha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735","reference_id":"2450735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268","reference_id":"show_bug.cgi?id=2015268","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268"}],"fixed_packages":[],"aliases":["CVE-2026-4708"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvx2-pba2-sqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62689?format=json","vulnerability_id":"VCID-yjc2-2whn-uug5","summary":"Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05442","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06135","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747","reference_id":"2450747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430","reference_id":"show_bug.cgi?id=2018430","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430"}],"fixed_packages":[],"aliases":["CVE-2026-4694"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjc2-2whn-uug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62704?format=json","vulnerability_id":"VCID-ymak-rv52-h7a5","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727","reference_id":"2450727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370","reference_id":"show_bug.cgi?id=2016370","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370"}],"fixed_packages":[],"aliases":["CVE-2026-4710"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymak-rv52-h7a5"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@140.9.0-1%3Farch=el8_4"}