{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","type":"mozilla","namespace":"","name":"Thunderbird","version":"24.3.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"24.4.0","latest_non_vulnerable_version":"151.0.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2701?format=json","vulnerability_id":"VCID-1fej-m4eu-syax","summary":"Mozilla developer Boris Zbarsky reported an inconsistency\nwith the different JavaScript engines in how JavaScript native getters on\nwindow objects are handled by these engines. This inconsistency can\nlead to different behaviors in JavaScript code, allowing for a potential\nsecurity issue with window handling by bypassing of some security checks. \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled in mail, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1481.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1481","reference_id":"","reference_type":"","scores":[{"value":"0.02581","scoring_system":"epss","scoring_elements":"0.85871","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02581","scoring_system":"epss","scoring_elements":"0.85848","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02581","scoring_system":"epss","scoring_elements":"0.85869","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02581","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02581","scoring_system":"epss","scoring_elements":"0.85868","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02581","scoring_system":"epss","scoring_elements":"0.85852","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1481"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060952","reference_id":"1060952","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060952"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481","reference_id":"CVE-2014-1481","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-13","reference_id":"mfsa2014-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0132","reference_id":"RHSA-2014:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0133","reference_id":"RHSA-2014:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0133"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1481"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fej-m4eu-syax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2707?format=json","vulnerability_id":"VCID-e4nd-kjf2-yfav","summary":"Fredrik 'Flonka' Lönnqvist discovered an issue with image\ndecoding in RasterImage caused by continued use of discarded\nimages. This could allow for the writing to unowned memory and a potentially\nexploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled in mail, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1482.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1482","reference_id":"","reference_type":"","scores":[{"value":"0.02741","scoring_system":"epss","scoring_elements":"0.86256","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02741","scoring_system":"epss","scoring_elements":"0.86277","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02741","scoring_system":"epss","scoring_elements":"0.86279","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02741","scoring_system":"epss","scoring_elements":"0.86275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02741","scoring_system":"epss","scoring_elements":"0.86263","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060942","reference_id":"1060942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482","reference_id":"CVE-2014-1482","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-04","reference_id":"mfsa2014-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0132","reference_id":"RHSA-2014:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0133","reference_id":"RHSA-2014:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0133"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1482"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4nd-kjf2-yfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2740?format=json","vulnerability_id":"VCID-jgcv-d13t-cyh2","summary":"Mozilla developers and community identified identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1477","reference_id":"","reference_type":"","scores":[{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75271","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.753","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75307","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75295","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75282","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060938","reference_id":"1060938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060938"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477","reference_id":"CVE-2014-1477","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-01","reference_id":"mfsa2014-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0132","reference_id":"RHSA-2014:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0133","reference_id":"RHSA-2014:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0133"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1477"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgcv-d13t-cyh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2772?format=json","vulnerability_id":"VCID-kn9n-dpkn-d7bu","summary":"Mozilla developer Brian Smith and security researchers\nAntoine Delignat-Lavaud and Karthikeyan\nBhargavan of the Prosecco research team at INRIA Paris reported issues\nwith ticket handling in the Network Security Services (NSS) libraries. These\nhave been addressed in the NSS 3.15.4 release, shipping on affected platforms.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1490.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1490","reference_id":"","reference_type":"","scores":[{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81852","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81885","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81887","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.8188","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81896","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060953","reference_id":"1060953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490","reference_id":"CVE-2014-1490","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12","reference_id":"mfsa2014-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0917","reference_id":"RHSA-2014:0917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1246","reference_id":"RHSA-2014:1246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1246"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1490"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn9n-dpkn-d7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2716?format=json","vulnerability_id":"VCID-nrmk-8zfr-4kfm","summary":"Security researcher Cody Crews reported a method to bypass\nSystem Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to\nclone protected XUL elements. This could be used to clone anonymous nodes,\nmaking trusted XUL content web accessible.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled in mail, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1479","reference_id":"","reference_type":"","scores":[{"value":"0.01468","scoring_system":"epss","scoring_elements":"0.81277","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01468","scoring_system":"epss","scoring_elements":"0.81247","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01468","scoring_system":"epss","scoring_elements":"0.81275","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01468","scoring_system":"epss","scoring_elements":"0.81287","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01468","scoring_system":"epss","scoring_elements":"0.81274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01468","scoring_system":"epss","scoring_elements":"0.81271","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060940","reference_id":"1060940","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479","reference_id":"CVE-2014-1479","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-02","reference_id":"mfsa2014-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0132","reference_id":"RHSA-2014:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0133","reference_id":"RHSA-2014:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0133"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1479"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrmk-8zfr-4kfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2728?format=json","vulnerability_id":"VCID-r8re-c8tm-skhm","summary":"Security researcher Arthur Gerkis, via TippingPoint's Zero\nDay Initiative, reported a use-after-free during image processing from sites\nwith specific content types in concert with the imgRequestProxy\nfunction. This causes a potentially exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled in mail, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1486.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1486.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1486","reference_id":"","reference_type":"","scores":[{"value":"0.10821","scoring_system":"epss","scoring_elements":"0.93507","published_at":"2026-06-06T12:55:00Z"},{"value":"0.10821","scoring_system":"epss","scoring_elements":"0.93496","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10821","scoring_system":"epss","scoring_elements":"0.93506","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10821","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-06-09T12:55:00Z"},{"value":"0.10821","scoring_system":"epss","scoring_elements":"0.93504","published_at":"2026-06-07T12:55:00Z"},{"value":"0.10821","scoring_system":"epss","scoring_elements":"0.93503","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1486"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060945","reference_id":"1060945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486","reference_id":"CVE-2014-1486","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-08","reference_id":"mfsa2014-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0132","reference_id":"RHSA-2014:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0133","reference_id":"RHSA-2014:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0133"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1486"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8re-c8tm-skhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2720?format=json","vulnerability_id":"VCID-wzp9-phdj-y3em","summary":"Security researcher Masato Kinugawa reported a cross-origin\ninformation leak through web workers' error messages. This violates same-origin\npolicy and the leaked information could potentially be used to gather\nauthentication tokens and other data from third-party websites. \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled in mail, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1487.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1487","reference_id":"","reference_type":"","scores":[{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70188","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70136","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70179","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70182","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.7017","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70159","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1487"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060947","reference_id":"1060947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487","reference_id":"CVE-2014-1487","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-09","reference_id":"mfsa2014-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0132","reference_id":"RHSA-2014:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0133","reference_id":"RHSA-2014:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0133"},{"reference_url":"https://usn.ubuntu.com/2102-1/","reference_id":"USN-2102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2102-1/"},{"reference_url":"https://usn.ubuntu.com/2119-1/","reference_id":"USN-2119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2119-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168?format=json","purl":"pkg:mozilla/Thunderbird@24.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}],"aliases":["CVE-2014-1487"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzp9-phdj-y3em"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.3.0"}