{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","type":"deb","namespace":"debian","name":"thunderbird","version":"1:140.9.1esr-1~deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:140.10.0esr-1~deb12u1","latest_non_vulnerable_version":"1:140.10.0esr-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353248?format=json","vulnerability_id":"VCID-2fqb-r5zb-a7dp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6748","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460103","reference_id":"2460103","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460103"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604","reference_id":"show_bug.cgi?id=2022604","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:38:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6748"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fqb-r5zb-a7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353261?format=json","vulnerability_id":"VCID-3kv6-c148-nkhq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6765","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09518","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09553","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13012","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107","reference_id":"2460107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419","reference_id":"show_bug.cgi?id=2022419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:08:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6765"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kv6-c148-nkhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353265?format=json","vulnerability_id":"VCID-59d3-343b-e3aw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6770","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460079","reference_id":"2460079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220","reference_id":"show_bug.cgi?id=2024220","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:44:11Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6770"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59d3-343b-e3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353257?format=json","vulnerability_id":"VCID-61r1-arbe-dke4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6761","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13298","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460099","reference_id":"2460099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460099"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857","reference_id":"show_bug.cgi?id=2017857","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:24:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6761"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61r1-arbe-dke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353262?format=json","vulnerability_id":"VCID-7jt2-zr49-7ye5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6766","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09893","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09926","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13452","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460097","reference_id":"2460097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460097"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207","reference_id":"show_bug.cgi?id=2023207","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:37:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6766"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jt2-zr49-7ye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353251?format=json","vulnerability_id":"VCID-95et-ezmb-buau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6751","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460109","reference_id":"2460109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460109"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883","reference_id":"show_bug.cgi?id=2025883","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:58:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6751"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95et-ezmb-buau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353259?format=json","vulnerability_id":"VCID-9nbw-7c9e-13af","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6763","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12897","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17294","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460101","reference_id":"2460101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460101"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666","reference_id":"show_bug.cgi?id=2021666","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:12:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6763"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nbw-7c9e-13af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353258?format=json","vulnerability_id":"VCID-av7u-3g4m-mugm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6762","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12289","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13289","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460076","reference_id":"2460076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460076"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080","reference_id":"show_bug.cgi?id=2021080","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:32:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6762"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av7u-3g4m-mugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353250?format=json","vulnerability_id":"VCID-bwth-uepr-z7a3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6750","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12533","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14809","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460102","reference_id":"2460102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460102"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407","reference_id":"show_bug.cgi?id=2023407","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-22T15:07:23Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-23T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6750"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwth-uepr-z7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353246?format=json","vulnerability_id":"VCID-cjsm-7gxr-8ygw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6746","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460112","reference_id":"2460112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460112"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596","reference_id":"show_bug.cgi?id=2014596","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6746"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjsm-7gxr-8ygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353252?format=json","vulnerability_id":"VCID-d16s-p141-qbft","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6752","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15181","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.1988","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460078","reference_id":"2460078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460078"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499","reference_id":"show_bug.cgi?id=2027499","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:01:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6752"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d16s-p141-qbft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353263?format=json","vulnerability_id":"VCID-fxjm-ywug-f3d5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6767","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14669","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460086","reference_id":"2460086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460086"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209","reference_id":"show_bug.cgi?id=2023209","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T18:03:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjm-ywug-f3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353267?format=json","vulnerability_id":"VCID-hk2m-rbdy-nqhc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6772","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15173","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460074","reference_id":"2460074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460074"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089","reference_id":"show_bug.cgi?id=2026089","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:40:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6772"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk2m-rbdy-nqhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353260?format=json","vulnerability_id":"VCID-ma29-qa7e-9qb4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6764","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17994","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460106","reference_id":"2460106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162","reference_id":"show_bug.cgi?id=2022162","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T20:09:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6764"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ma29-qa7e-9qb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353264?format=json","vulnerability_id":"VCID-nge1-4cvg-zqb2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6769","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13298","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460108","reference_id":"2460108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460108"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753","reference_id":"show_bug.cgi?id=2023753","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T20:23:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6769"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nge1-4cvg-zqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353268?format=json","vulnerability_id":"VCID-nyum-jpbc-abew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6776","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0177","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01775","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.022","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460110","reference_id":"2460110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460110"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770","reference_id":"show_bug.cgi?id=2021770","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:49:53Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6776"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyum-jpbc-abew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353270?format=json","vulnerability_id":"VCID-p6yz-xs58-u3gm","summary":"Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6786","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14113","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460088","reference_id":"2460088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460088"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6786"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yz-xs58-u3gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353269?format=json","vulnerability_id":"VCID-pfmd-zv8f-8bfc","summary":"Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6785","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460104","reference_id":"2460104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460104"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfmd-zv8f-8bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353255?format=json","vulnerability_id":"VCID-q689-wneh-hbdq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6757","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12224","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460085","reference_id":"2460085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460085"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588","reference_id":"show_bug.cgi?id=2013588","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:30:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6757"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q689-wneh-hbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353249?format=json","vulnerability_id":"VCID-q8qp-5szp-mfe8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6749","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15173","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460096","reference_id":"2460096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460096"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610","reference_id":"show_bug.cgi?id=2022610","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:07:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6749"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qp-5szp-mfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353253?format=json","vulnerability_id":"VCID-ruqn-mk9t-57hb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6753","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17991","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460092","reference_id":"2460092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460092"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501","reference_id":"show_bug.cgi?id=2027501","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T14:17:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6753"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruqn-mk9t-57hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353266?format=json","vulnerability_id":"VCID-tv7r-qf2c-dqbm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6771","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14505","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460105","reference_id":"2460105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460105"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067","reference_id":"show_bug.cgi?id=2025067","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:31:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6771"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7r-qf2c-dqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353254?format=json","vulnerability_id":"VCID-w98r-yagc-kkec","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6754","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460075","reference_id":"2460075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460075"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","reference_id":"mfsa2026-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541","reference_id":"show_bug.cgi?id=2027541","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6754"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w98r-yagc-kkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353247?format=json","vulnerability_id":"VCID-z6tm-b352-5uhk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6747","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1905","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460095","reference_id":"2460095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460095"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769","reference_id":"show_bug.cgi?id=2021769","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:08:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089388?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-6747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tm-b352-5uhk"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62703?format=json","vulnerability_id":"VCID-13he-qsr4-h3d4","summary":"Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06276","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07156","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4709"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726","reference_id":"2450726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450726"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329","reference_id":"show_bug.cgi?id=2016329","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016329"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342","reference_id":"show_bug.cgi?id=2016342","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:27:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016342"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4709"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13he-qsr4-h3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62776?format=json","vulnerability_id":"VCID-15j8-br8z-juf3","summary":"Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3889","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07517","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07437","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07427","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07515","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07528","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07542","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07541","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07518","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0746","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08255","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08286","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3889"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451006","reference_id":"2451006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451006"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020723","reference_id":"show_bug.cgi?id=2020723","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:05:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-3889"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15j8-br8z-juf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62709?format=json","vulnerability_id":"VCID-1fv1-edht-ufag","summary":"Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4715"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723","reference_id":"2450723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450723"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405","reference_id":"show_bug.cgi?id=2018405","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:34:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4715"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fv1-edht-ufag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62708?format=json","vulnerability_id":"VCID-23eu-22t2-cydd","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725","reference_id":"2450725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450725"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126","reference_id":"show_bug.cgi?id=2018126","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:10:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018126"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4714"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23eu-22t2-cydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62686?format=json","vulnerability_id":"VCID-26d3-ctnj-7kbh","summary":"Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10204","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10264","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10131","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11121","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11187","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738","reference_id":"2450738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450738"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512","reference_id":"show_bug.cgi?id=2017512","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:49:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017512"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4691"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26d3-ctnj-7kbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62710?format=json","vulnerability_id":"VCID-289s-f2w6-53g9","summary":"Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4716"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4716"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720","reference_id":"2450720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450720"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592","reference_id":"show_bug.cgi?id=2018592","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:24:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4716"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-289s-f2w6-53g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62693?format=json","vulnerability_id":"VCID-351y-4nek-u3aw","summary":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12851","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12871","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14005","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4698"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719","reference_id":"2450719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450719"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906","reference_id":"show_bug.cgi?id=2020906","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:59:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020906"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4698"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-351y-4nek-u3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62714?format=json","vulnerability_id":"VCID-3grf-hwk1-3fh8","summary":"Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746","reference_id":"2450746","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450746"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367","reference_id":"show_bug.cgi?id=2016367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:08:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016367"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4719"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3grf-hwk1-3fh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62716?format=json","vulnerability_id":"VCID-3kd3-hwzv-efbn","summary":"Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06155","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06184","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06213","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06198","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06352","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07015","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4721"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711","reference_id":"2450711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450711"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_id":"buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4721"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kd3-hwzv-efbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62699?format=json","vulnerability_id":"VCID-3xgu-7evz-mffw","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0562","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0563","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05769","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06284","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4705"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722","reference_id":"2450722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450722"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873","reference_id":"show_bug.cgi?id=2014873","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:38:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4705"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xgu-7evz-mffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62715?format=json","vulnerability_id":"VCID-4q6w-tdk9-d3an","summary":"Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751","reference_id":"2450751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450751"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_id":"buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4720"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q6w-tdk9-d3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349997?format=json","vulnerability_id":"VCID-5dw5-vpt8-zqbz","summary":"Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5731","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17244","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20012","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20167","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20048","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21867","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21869","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455901","reference_id":"2455901","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455901"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-26","reference_id":"mfsa2026-26","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-26/","reference_id":"mfsa2026-26","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-26/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:12:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068096?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-5731"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dw5-vpt8-zqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62682?format=json","vulnerability_id":"VCID-646f-ndeq-5bee","summary":"Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06425","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07233","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757","reference_id":"2450757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450757"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368","reference_id":"show_bug.cgi?id=2016368","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4687"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-646f-ndeq-5bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62683?format=json","vulnerability_id":"VCID-675n-7uzz-pqdj","summary":"Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05519","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06095","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713","reference_id":"2450713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450713"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373","reference_id":"show_bug.cgi?id=2016373","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4688"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-675n-7uzz-pqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62777?format=json","vulnerability_id":"VCID-6mur-mtfg-97gt","summary":"A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4371","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17716","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17514","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17505","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17612","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17659","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17579","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1749","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18878","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1892","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451001","reference_id":"2451001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451001"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023493","reference_id":"show_bug.cgi?id=2023493","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:24:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023493"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4371"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mur-mtfg-97gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=json","vulnerability_id":"VCID-77y6-jskt-qucb","summary":"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59375","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15808","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18108","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18262","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18121","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18164","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18215","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libexpat/libexpat/issues/1018","reference_id":"1018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/issues/1018"},{"reference_url":"https://github.com/libexpat/libexpat/pull/1034","reference_id":"1034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/pull/1034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298","reference_id":"1115298","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108","reference_id":"2395108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108"},{"reference_url":"https://issues.oss-fuzz.com/issues/439133977","reference_id":"439133977","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://issues.oss-fuzz.com/issues/439133977"},{"reference_url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes","reference_id":"Changes","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"},{"reference_url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74","reference_id":"Changes#L45-L74","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/"}],"url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19403","reference_id":"RHSA-2025:19403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21030","reference_id":"RHSA-2025:21030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21773","reference_id":"RHSA-2025:21773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21776","reference_id":"RHSA-2025:21776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21974","reference_id":"RHSA-2025:21974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22033","reference_id":"RHSA-2025:22033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22034","reference_id":"RHSA-2025:22034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22035","reference_id":"RHSA-2025:22035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22175","reference_id":"RHSA-2025:22175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22607","reference_id":"RHSA-2025:22607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22607"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22618","reference_id":"RHSA-2025:22618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22785","reference_id":"RHSA-2025:22785","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22842","reference_id":"RHSA-2025:22842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22871","reference_id":"RHSA-2025:22871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22935","reference_id":"RHSA-2025:22935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23227","reference_id":"RHSA-2025:23227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23248","reference_id":"RHSA-2025:23248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23550","reference_id":"RHSA-2025:23550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0001","reference_id":"RHSA-2026:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0076","reference_id":"RHSA-2026:0076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0077","reference_id":"RHSA-2026:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0078","reference_id":"RHSA-2026:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0326","reference_id":"RHSA-2026:0326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0332","reference_id":"RHSA-2026:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0420","reference_id":"RHSA-2026:0420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0674","reference_id":"RHSA-2026:0674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0677","reference_id":"RHSA-2026:0677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0702","reference_id":"RHSA-2026:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0996","reference_id":"RHSA-2026:0996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1541","reference_id":"RHSA-2026:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3407","reference_id":"RHSA-2026:3407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5396","reference_id":"RHSA-2026:5396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5396"},{"reference_url":"https://usn.ubuntu.com/8022-1/","reference_id":"USN-8022-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8022-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2025-59375"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62690?format=json","vulnerability_id":"VCID-8qyy-e4jt-rbc4","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715","reference_id":"2450715","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450715"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030","reference_id":"show_bug.cgi?id=2020030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:53:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4695"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qyy-e4jt-rbc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62756?format=json","vulnerability_id":"VCID-8vka-qus2-tbhj","summary":"Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2447","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03829","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03927","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0519","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283","reference_id":"1128283","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219","reference_id":"2440219","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-10","reference_id":"mfsa2026-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-10/","reference_id":"mfsa2026-10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-11","reference_id":"mfsa2026-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-11/","reference_id":"mfsa2026-11","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-11/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3967","reference_id":"RHSA-2026:3967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4447","reference_id":"RHSA-2026:4447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4629","reference_id":"RHSA-2026:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5227","reference_id":"RHSA-2026:5227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5228","reference_id":"RHSA-2026:5228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5229","reference_id":"RHSA-2026:5229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5230","reference_id":"RHSA-2026:5230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5231","reference_id":"RHSA-2026:5231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5319","reference_id":"RHSA-2026:5319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5320","reference_id":"RHSA-2026:5320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5323","reference_id":"RHSA-2026:5323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5324","reference_id":"RHSA-2026:5324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5326","reference_id":"RHSA-2026:5326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390","reference_id":"show_bug.cgi?id=2014390","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:52:59Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014390"},{"reference_url":"https://usn.ubuntu.com/8053-1/","reference_id":"USN-8053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8053-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-2447"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vka-qus2-tbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62684?format=json","vulnerability_id":"VCID-8xek-k5y2-6bfp","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07637","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07536","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08368","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08401","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718","reference_id":"2450718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450718"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374","reference_id":"show_bug.cgi?id=2016374","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4689"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xek-k5y2-6bfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349998?format=json","vulnerability_id":"VCID-9ag7-z86d-nba9","summary":"Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5734","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18556","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18413","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18576","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18547","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455897","reference_id":"2455897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455897"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505","reference_id":"buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068096?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-5734"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ag7-z86d-nba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62701?format=json","vulnerability_id":"VCID-b4bq-q3ga-3ff1","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03727","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03554","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04339","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755","reference_id":"2450755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450755"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267","reference_id":"show_bug.cgi?id=2015267","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:37:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4707"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bq-q3ga-3ff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62691?format=json","vulnerability_id":"VCID-b6sf-z5tm-4uau","summary":"Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08301","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740","reference_id":"2450740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190","reference_id":"show_bug.cgi?id=2020190","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T12:56:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4696"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6sf-z5tm-4uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62694?format=json","vulnerability_id":"VCID-e2k8-m9sm-8uek","summary":"Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4699"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739","reference_id":"2450739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863","reference_id":"show_bug.cgi?id=2021863","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:00:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4699"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2k8-m9sm-8uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62697?format=json","vulnerability_id":"VCID-ft6u-geds-fua9","summary":"JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4702"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744","reference_id":"2450744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450744"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560","reference_id":"show_bug.cgi?id=2013560","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:48:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4702"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft6u-geds-fua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62687?format=json","vulnerability_id":"VCID-gkva-6cu9-7keg","summary":"Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07112","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07769","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07792","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748","reference_id":"2450748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450748"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643","reference_id":"show_bug.cgi?id=2017643","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4692"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkva-6cu9-7keg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62698?format=json","vulnerability_id":"VCID-hshc-4xnc-gug4","summary":"Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4704"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756","reference_id":"2450756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450756"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868","reference_id":"show_bug.cgi?id=2014868","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:50:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4704"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hshc-4xnc-gug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62711?format=json","vulnerability_id":"VCID-hstd-23qm-bqdg","summary":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4717"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712","reference_id":"2450712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450712"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695","reference_id":"show_bug.cgi?id=2021695","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4717"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hstd-23qm-bqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62688?format=json","vulnerability_id":"VCID-j1hb-8jjy-tqgq","summary":"Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741","reference_id":"2450741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102","reference_id":"show_bug.cgi?id=2018102","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:50:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4693"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1hb-8jjy-tqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62707?format=json","vulnerability_id":"VCID-kuwd-6tcg-fuha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730","reference_id":"2450730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113","reference_id":"show_bug.cgi?id=2018113","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:13:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018113"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4713"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwd-6tcg-fuha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62695?format=json","vulnerability_id":"VCID-m6uv-91wz-xfdv","summary":"Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0594","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06091","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06619","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752","reference_id":"2450752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450752"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766","reference_id":"show_bug.cgi?id=2003766","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:02:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003766"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4700"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6uv-91wz-xfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62679?format=json","vulnerability_id":"VCID-mm6w-kpe8-4kg3","summary":"Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02837","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02935","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02941","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03623","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721","reference_id":"2450721","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129","reference_id":"show_bug.cgi?id=2011129","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:13:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4684"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm6w-kpe8-4kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62713?format=json","vulnerability_id":"VCID-nvsz-9s3r-nbhq","summary":"Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01693","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01768","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01757","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02218","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742","reference_id":"2450742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450742"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864","reference_id":"show_bug.cgi?id=2014864","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:11:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014864"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4718"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsz-9s3r-nbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349995?format=json","vulnerability_id":"VCID-qbzp-euvv-q7c7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5732","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11778","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12843","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12742","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12738","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12717","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12824","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455908","reference_id":"2455908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455908"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","reference_id":"mfsa2026-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-27/","reference_id":"mfsa2026-27","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-27/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","reference_id":"mfsa2026-28","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-29/","reference_id":"mfsa2026-29","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-29/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017867","reference_id":"show_bug.cgi?id=2017867","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:28:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068096?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077784?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1"}],"aliases":["CVE-2026-5732"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbzp-euvv-q7c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62700?format=json","vulnerability_id":"VCID-qkks-24cp-gqg2","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4706"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714","reference_id":"2450714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450714"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091","reference_id":"show_bug.cgi?id=2015091","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:38:16Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4706"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkks-24cp-gqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62696?format=json","vulnerability_id":"VCID-rp5h-ym8y-skbw","summary":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4701"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710","reference_id":"2450710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450710"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303","reference_id":"show_bug.cgi?id=2009303","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-26T13:04:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4701"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5h-ym8y-skbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62680?format=json","vulnerability_id":"VCID-t4t3-5pt5-ayds","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4685"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724","reference_id":"2450724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450724"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349","reference_id":"show_bug.cgi?id=2016349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:43:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016349"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4685"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t3-5pt5-ayds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62681?format=json","vulnerability_id":"VCID-u3j3-fc4f-7ff7","summary":"Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07159","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4686"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734","reference_id":"2450734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450734"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351","reference_id":"show_bug.cgi?id=2016351","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:44:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016351"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4686"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j3-fc4f-7ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62692?format=json","vulnerability_id":"VCID-wmyy-2cg3-wyhc","summary":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05887","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729","reference_id":"2450729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450729"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422","reference_id":"show_bug.cgi?id=2020422","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:57:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4697"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyy-2cg3-wyhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62685?format=json","vulnerability_id":"VCID-wqw2-gjvu-6qbu","summary":"Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03754","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05562","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05479","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732","reference_id":"2450732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450732"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375","reference_id":"show_bug.cgi?id=2016375","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:56:01Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4690"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqw2-gjvu-6qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=json","vulnerability_id":"VCID-wvx2-pba2-sqha","summary":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735","reference_id":"2450735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268","reference_id":"show_bug.cgi?id=2015268","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T16:28:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015268"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4708"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvx2-pba2-sqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62689?format=json","vulnerability_id":"VCID-yjc2-2whn-uug5","summary":"Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05442","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05469","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06135","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4694"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747","reference_id":"2450747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450747"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-21/","reference_id":"mfsa2026-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430","reference_id":"show_bug.cgi?id=2018430","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:52:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4694"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjc2-2whn-uug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62704?format=json","vulnerability_id":"VCID-ymak-rv52-h7a5","summary":"Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727","reference_id":"2450727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450727"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370","reference_id":"show_bug.cgi?id=2016370","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:52:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016370"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050247?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-qbzp-euvv-q7c7"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089384?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}],"aliases":["CVE-2026-4710"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymak-rv52-h7a5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1~deb12u1"}