{"url":"http://public2.vulnerablecode.io/api/packages/110044?format=json","purl":"pkg:rpm/redhat/firefox@128.2.0-1?arch=el9_0","type":"rpm","namespace":"redhat","name":"firefox","version":"128.2.0-1","qualifiers":{"arch":"el9_0"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116?format=json","vulnerability_id":"VCID-21w2-s4gu-wqg5","summary":"Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8382.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8382","reference_id":"","reference_type":"","scores":[{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50425","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50455","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50436","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50407","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8382"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309428","reference_id":"2309428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309428"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-30T16:38:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-30T16:38:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-41/","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-30T16:38:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-30T16:38:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-44","reference_id":"mfsa2024-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-44/","reference_id":"mfsa2024-44","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-30T16:38:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-44/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1906744","reference_id":"show_bug.cgi?id=1906744","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-30T16:38:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1906744"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"},{"reference_url":"https://usn.ubuntu.com/6995-1/","reference_id":"USN-6995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6995-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8382"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21w2-s4gu-wqg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115?format=json","vulnerability_id":"VCID-2gbz-ywvq-eqck","summary":"A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8381.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8381","reference_id":"","reference_type":"","scores":[{"value":"0.11622","scoring_system":"epss","scoring_elements":"0.93797","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11622","scoring_system":"epss","scoring_elements":"0.93796","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11622","scoring_system":"epss","scoring_elements":"0.93795","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11622","scoring_system":"epss","scoring_elements":"0.93802","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309427","reference_id":"2309427","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309427"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-41/","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-44","reference_id":"mfsa2024-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-44/","reference_id":"mfsa2024-44","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:55:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-44/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1912715","reference_id":"show_bug.cgi?id=1912715","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:55:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1912715"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"},{"reference_url":"https://usn.ubuntu.com/6995-1/","reference_id":"USN-6995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6995-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8381"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gbz-ywvq-eqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/125?format=json","vulnerability_id":"VCID-2qw1-ckr1-7ke8","summary":"Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8383.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8383","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45046","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45051","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45001","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45031","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45014","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8383"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309429","reference_id":"2309429","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309429"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:16:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:16:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-41/","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:16:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-41/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1908496","reference_id":"show_bug.cgi?id=1908496","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:16:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1908496"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8383"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qw1-ckr1-7ke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144?format=json","vulnerability_id":"VCID-ep69-nty2-4bcf","summary":"A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8385.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8385","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6615","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66151","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66133","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66145","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309431","reference_id":"2309431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309431"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1911909","reference_id":"show_bug.cgi?id=1911909","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1911909"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8385"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ep69-nty2-4bcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117?format=json","vulnerability_id":"VCID-j6r8-qyw7-n7aw","summary":"The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8384","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55502","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55484","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55514","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55503","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55509","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8384"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309430","reference_id":"2309430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309430"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-41/","reference_id":"mfsa2024-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-44","reference_id":"mfsa2024-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-44/","reference_id":"mfsa2024-44","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-44/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1911288","reference_id":"show_bug.cgi?id=1911288","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1911288"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"},{"reference_url":"https://usn.ubuntu.com/6995-1/","reference_id":"USN-6995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6995-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8384"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6r8-qyw7-n7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98?format=json","vulnerability_id":"VCID-jk52-3nus-rkc2","summary":"An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7652.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7652","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51333","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51324","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51303","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51348","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51353","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310490","reference_id":"2310490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310490"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-29/","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:13:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-30/","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:13:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-31/","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:13:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-32/","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:13:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1901411","reference_id":"show_bug.cgi?id=1901411","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:13:40Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1901411"}],"fixed_packages":[],"aliases":["CVE-2024-7652"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jk52-3nus-rkc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146?format=json","vulnerability_id":"VCID-k9kd-r5af-7kh3","summary":"Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8387.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8387","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74385","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74383","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74358","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74376","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74388","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309433","reference_id":"2309433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309433"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009","reference_id":"buglist.cgi?bug_id=1857607%2C1911858%2C1914009","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8387"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9kd-r5af-7kh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1048?format=json","vulnerability_id":"VCID-wjka-dkr1-m7eu","summary":"Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6135.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6135","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41462","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41509","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41514","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41483","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41451","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6135"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059054","reference_id":"1059054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249906","reference_id":"2249906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249906"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-56","reference_id":"mfsa2023-56","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-56"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-56/","reference_id":"mfsa2023-56","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:59:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-56/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0785","reference_id":"RHSA-2024:0785","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0786","reference_id":"RHSA-2024:0786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0790","reference_id":"RHSA-2024:0790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0791","reference_id":"RHSA-2024:0791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1686","reference_id":"RHSA-2024:1686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1853908","reference_id":"show_bug.cgi?id=1853908","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:59:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1853908"},{"reference_url":"https://usn.ubuntu.com/6562-1/","reference_id":"USN-6562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6562-1/"},{"reference_url":"https://usn.ubuntu.com/6727-1/","reference_id":"USN-6727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6727-1/"}],"fixed_packages":[],"aliases":["CVE-2023-6135"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjka-dkr1-m7eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/145?format=json","vulnerability_id":"VCID-wnkw-pzcx-hkgm","summary":"If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8386.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8386","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53596","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5362","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53633","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309432","reference_id":"2309432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309432"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032","reference_id":"show_bug.cgi?id=1907032","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163","reference_id":"show_bug.cgi?id=1909163","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529","reference_id":"show_bug.cgi?id=1909529","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8386"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnkw-pzcx-hkgm"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@128.2.0-1%3Farch=el9_0"}