{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","type":"apk","namespace":"alpine","name":"librewolf","version":"87.0-r0","qualifiers":{"arch":"armv7","distroversion":"v3.22","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"88.0-r0","latest_non_vulnerable_version":"119.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1326?format=json","vulnerability_id":"VCID-3xcs-uqc4-sqdw","summary":"If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23985","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73379","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23985"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1728","reference_id":"AVG-1728","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1728"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xcs-uqc4-sqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1305?format=json","vulnerability_id":"VCID-4mxh-j7wx-vbek","summary":"If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23968.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23968.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23968","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50421","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932110","reference_id":"1932110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932110"},{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://security.archlinux.org/AVG-1601","reference_id":"AVG-1601","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1601"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-08","reference_id":"mfsa2021-08","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-09","reference_id":"mfsa2021-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0655","reference_id":"RHSA-2021:0655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0656","reference_id":"RHSA-2021:0656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0657","reference_id":"RHSA-2021:0657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0658","reference_id":"RHSA-2021:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0659","reference_id":"RHSA-2021:0659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0660","reference_id":"RHSA-2021:0660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0661","reference_id":"RHSA-2021:0661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0662","reference_id":"RHSA-2021:0662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0662"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23968"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mxh-j7wx-vbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1323?format=json","vulnerability_id":"VCID-6d5m-3chv-5fgk","summary":"Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23982.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23982","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36996","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1942785","reference_id":"1942785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1942785"},{"reference_url":"https://security.archlinux.org/AVG-1728","reference_id":"AVG-1728","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1728"},{"reference_url":"https://security.archlinux.org/AVG-1729","reference_id":"AVG-1729","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1729"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-11","reference_id":"mfsa2021-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-12","reference_id":"mfsa2021-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0989","reference_id":"RHSA-2021:0989","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0990","reference_id":"RHSA-2021:0990","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0991","reference_id":"RHSA-2021:0991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0992","reference_id":"RHSA-2021:0992","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0992"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0993","reference_id":"RHSA-2021:0993","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0994","reference_id":"RHSA-2021:0994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0995","reference_id":"RHSA-2021:0995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0995"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0996","reference_id":"RHSA-2021:0996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0996"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d5m-3chv-5fgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1345?format=json","vulnerability_id":"VCID-81ew-d9dt-skgt","summary":"The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23975","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40235","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23975"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81ew-d9dt-skgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1339?format=json","vulnerability_id":"VCID-brtz-6yap-hfab","summary":"Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23970","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52776","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23970"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23970"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brtz-6yap-hfab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1329?format=json","vulnerability_id":"VCID-cb3x-1wm2-d7hr","summary":"Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23988","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53123","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23988"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1728","reference_id":"AVG-1728","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1728"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cb3x-1wm2-d7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1344?format=json","vulnerability_id":"VCID-dvp7-w6zr-tkh9","summary":"One phishing tactic on the web is to provide a link with HTTP Auth. For example https://www.phishingtarget.com@evil.com. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23972","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61368","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23972"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23972"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvp7-w6zr-tkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1325?format=json","vulnerability_id":"VCID-fqfv-4vrw-4uau","summary":"A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23984.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23984","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52642","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1942786","reference_id":"1942786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1942786"},{"reference_url":"https://security.archlinux.org/AVG-1728","reference_id":"AVG-1728","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1728"},{"reference_url":"https://security.archlinux.org/AVG-1729","reference_id":"AVG-1729","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1729"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-11","reference_id":"mfsa2021-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-12","reference_id":"mfsa2021-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0989","reference_id":"RHSA-2021:0989","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0990","reference_id":"RHSA-2021:0990","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0991","reference_id":"RHSA-2021:0991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0992","reference_id":"RHSA-2021:0992","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0992"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0993","reference_id":"RHSA-2021:0993","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0994","reference_id":"RHSA-2021:0994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0995","reference_id":"RHSA-2021:0995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0995"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0996","reference_id":"RHSA-2021:0996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0996"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqfv-4vrw-4uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1324?format=json","vulnerability_id":"VCID-jshb-xfdc-p7at","summary":"By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23983","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.4586","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23983"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1728","reference_id":"AVG-1728","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1728"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jshb-xfdc-p7at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1307?format=json","vulnerability_id":"VCID-pyu2-xzpv-tkgh","summary":"Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell, and Mats Palmgren reported memory safety bugs present in Thunderbird 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23978.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23978","reference_id":"","reference_type":"","scores":[{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.79409","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932112","reference_id":"1932112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932112"},{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://security.archlinux.org/AVG-1601","reference_id":"AVG-1601","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1601"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-08","reference_id":"mfsa2021-08","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-09","reference_id":"mfsa2021-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0655","reference_id":"RHSA-2021:0655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0656","reference_id":"RHSA-2021:0656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0657","reference_id":"RHSA-2021:0657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0658","reference_id":"RHSA-2021:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0659","reference_id":"RHSA-2021:0659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0660","reference_id":"RHSA-2021:0660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0661","reference_id":"RHSA-2021:0661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0662","reference_id":"RHSA-2021:0662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0662"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23978"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pyu2-xzpv-tkgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1342?format=json","vulnerability_id":"VCID-vque-dfjx-ryad","summary":"When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites.*Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23976","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50461","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23976"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1600","reference_id":"AVG-1600","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1600"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23976"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vque-dfjx-ryad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1346?format=json","vulnerability_id":"VCID-wpy7-gpn8-euhx","summary":"Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23979","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55605","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23979"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23979"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpy7-gpn8-euhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1327?format=json","vulnerability_id":"VCID-xkr1-3kh6-aqbs","summary":"A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL.  The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions.  This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23986","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24928","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23986"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1728","reference_id":"AVG-1728","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1728"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115829?format=json","purl":"pkg:apk/alpine/librewolf@87.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2021-23986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkr1-3kh6-aqbs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/librewolf@87.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"}