{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","type":"deb","namespace":"debian","name":"thunderbird","version":"1:140.11.0esr-1~deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:140.11.0esr-1","latest_non_vulnerable_version":"1:140.11.0esr-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/367?format=json","vulnerability_id":"VCID-11ng-ds1t-ybdy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8946.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8946","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15708","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15748","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8946"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479849","reference_id":"2479849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479849"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029070","reference_id":"show_bug.cgi?id=2029070","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:09:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029070"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8946"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11ng-ds1t-ybdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/371?format=json","vulnerability_id":"VCID-1sgn-41vs-efcy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8401.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8401","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24553","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24488","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24543","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8401"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476492","reference_id":"2476492","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476492"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-45","reference_id":"mfsa2026-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-45"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-45/","reference_id":"mfsa2026-45","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-45/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038679","reference_id":"show_bug.cgi?id=2038679","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:46:22Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038679"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8401"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sgn-41vs-efcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/385?format=json","vulnerability_id":"VCID-5fc5-xu9y-ekca","summary":"Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8974.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8974.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8974","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14331","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14366","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14368","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8974"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8974","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8974"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479855","reference_id":"2479855","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479855"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8974"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fc5-xu9y-ekca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/373?format=json","vulnerability_id":"VCID-5h7s-sfrz-eye3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8950.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8950","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05099","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05077","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05084","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479853","reference_id":"2479853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479853"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1965430","reference_id":"show_bug.cgi?id=1965430","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:47:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1965430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8950"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h7s-sfrz-eye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/375?format=json","vulnerability_id":"VCID-e6ek-fjxf-subv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8954.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8954","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14044","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14079","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14081","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8954"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479847","reference_id":"2479847","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479847"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2030747","reference_id":"show_bug.cgi?id=2030747","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:15:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2030747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8954"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ek-fjxf-subv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/379?format=json","vulnerability_id":"VCID-fbuu-t3mf-cfeg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8958.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8958","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18363","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18329","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18366","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8958"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479848","reference_id":"2479848","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479848"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034713","reference_id":"show_bug.cgi?id=2034713","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T15:03:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8958"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbuu-t3mf-cfeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/369?format=json","vulnerability_id":"VCID-fhmv-bse8-abaw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8947.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8947","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20297","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20259","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20308","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8947","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8947"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479873","reference_id":"2479873","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479873"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038439","reference_id":"show_bug.cgi?id=2038439","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:14:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038439"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8947"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhmv-bse8-abaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/376?format=json","vulnerability_id":"VCID-g339-cuzq-ffh1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8955.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8955.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8955","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13875","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8955"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8955"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479842","reference_id":"2479842","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479842"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2031064","reference_id":"show_bug.cgi?id=2031064","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2031064"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8955"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g339-cuzq-ffh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/368?format=json","vulnerability_id":"VCID-hjh5-utas-ekb9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8388.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8388","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13575","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13534","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1357","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476469","reference_id":"2476469","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476469"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-45","reference_id":"mfsa2026-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-45"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-45/","reference_id":"mfsa2026-45","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-45/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2036978","reference_id":"show_bug.cgi?id=2036978","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T18:28:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2036978"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8388"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjh5-utas-ekb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/377?format=json","vulnerability_id":"VCID-rne7-tu7d-v7e9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8956.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8956","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.2006","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20099","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20105","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8956"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479839","reference_id":"2479839","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479839"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032427","reference_id":"show_bug.cgi?id=2032427","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:37:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032427"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8956"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rne7-tu7d-v7e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/384?format=json","vulnerability_id":"VCID-tqws-w9ga-gqew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8970.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8970","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13875","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8970"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479852","reference_id":"2479852","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479852"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032174","reference_id":"show_bug.cgi?id=2032174","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:30Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032174"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8970"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqws-w9ga-gqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/386?format=json","vulnerability_id":"VCID-tuxm-fxt8-vbee","summary":"Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8975.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8975","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14692","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1465","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14686","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479840","reference_id":"2479840","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479840"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669","reference_id":"buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:35Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8975"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuxm-fxt8-vbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/374?format=json","vulnerability_id":"VCID-tzqv-xgdb-efa1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8953.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8953.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8953","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1465","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14692","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14686","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8953"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479860","reference_id":"2479860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479860"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029511","reference_id":"show_bug.cgi?id=2029511","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T16:02:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8953"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzqv-xgdb-efa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/378?format=json","vulnerability_id":"VCID-uncq-bg36-3yfe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8957.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8957","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13875","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13912","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8957"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479880","reference_id":"2479880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479880"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2033850","reference_id":"show_bug.cgi?id=2033850","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T03:55:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2033850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8957"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uncq-bg36-3yfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/382?format=json","vulnerability_id":"VCID-vseb-hh7u-1fc5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8962.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8962","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15168","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15211","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15221","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8962"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479876","reference_id":"2479876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479876"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004804","reference_id":"show_bug.cgi?id=2004804","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T15:12:43Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004804"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8962"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vseb-hh7u-1fc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/370?format=json","vulnerability_id":"VCID-w8ts-g59t-z3d7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8391.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8391","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28818","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28783","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28853","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8391"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476475","reference_id":"2476475","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476475"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-45","reference_id":"mfsa2026-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-45"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-45/","reference_id":"mfsa2026-45","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-45/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","reference_id":"mfsa2026-47","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038575","reference_id":"show_bug.cgi?id=2038575","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:47:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8391"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ts-g59t-z3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/381?format=json","vulnerability_id":"VCID-z1zg-s87s-fkdu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8961.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8961","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10574","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10613","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8961"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479871","reference_id":"2479871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479871"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1962625","reference_id":"show_bug.cgi?id=1962625","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:11:37Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1962625"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8961"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1zg-s87s-fkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/383?format=json","vulnerability_id":"VCID-z8mw-3stk-vbdg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8968.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8968.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8968","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19475","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19518","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8968"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479846","reference_id":"2479846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479846"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","reference_id":"mfsa2026-46","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-48"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","reference_id":"mfsa2026-48","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","reference_id":"mfsa2026-50","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","reference_id":"mfsa2026-51","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21378","reference_id":"RHSA-2026:21378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21380","reference_id":"RHSA-2026:21380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21381","reference_id":"RHSA-2026:21381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21382","reference_id":"RHSA-2026:21382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22325","reference_id":"RHSA-2026:22325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22643","reference_id":"RHSA-2026:22643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2030467","reference_id":"show_bug.cgi?id=2030467","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-19T14:23:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2030467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130941?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130939?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130943?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132010?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132009?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/132012?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/130942?format=json","purl":"pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8968"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8mw-3stk-vbdg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1~deb13u1%3Fdistro=trixie"}