Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/331541?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/331541?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.1.0-r0?arch=ppc64le&distroversion=v3.13&reponame=community", "type": "apk", "namespace": "alpine", "name": "firefox-esr", "version": "68.1.0-r0", "qualifiers": { "arch": "ppc64le", "distroversion": "v3.13", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "68.2.0-r0", "latest_non_vulnerable_version": "78.15.0-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1611?format=api", "vulnerability_id": "VCID-7skz-3xdx-qfb2", "summary": "Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51735", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51666", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51725", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748660", "reference_id": "1748660", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748660" }, { "reference_url": "https://security.archlinux.org/ASA-201909-2", "reference_id": "ASA-201909-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201909-2" }, { "reference_url": "https://security.archlinux.org/AVG-1036", "reference_id": "AVG-1036", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1036" }, { "reference_url": "https://security.gentoo.org/glsa/201911-07", "reference_id": "GLSA-201911-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25", "reference_id": "mfsa2019-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26", "reference_id": "mfsa2019-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27", "reference_id": "mfsa2019-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2663", "reference_id": "RHSA-2019:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2694", "reference_id": "RHSA-2019:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2729", "reference_id": "RHSA-2019:2729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2729" }, { "reference_url": "https://usn.ubuntu.com/4122-1/", "reference_id": "USN-4122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/331541?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.1.0-r0?arch=ppc64le&distroversion=v3.13&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.1.0-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community" } ], "aliases": [ "CVE-2019-9812" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7skz-3xdx-qfb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1608?format=api", "vulnerability_id": "VCID-a7f4-e11n-nudj", "summary": "A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11742.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67617", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.6761", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67569", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748653", "reference_id": "1748653", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748653" }, { "reference_url": "https://security.archlinux.org/ASA-201909-2", "reference_id": "ASA-201909-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201909-2" }, { "reference_url": "https://security.archlinux.org/AVG-1036", "reference_id": "AVG-1036", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1036" }, { "reference_url": "https://security.gentoo.org/glsa/201911-07", "reference_id": "GLSA-201911-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25", "reference_id": "mfsa2019-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26", "reference_id": "mfsa2019-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27", "reference_id": "mfsa2019-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29", "reference_id": "mfsa2019-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30", "reference_id": "mfsa2019-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2663", "reference_id": "RHSA-2019:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2694", "reference_id": "RHSA-2019:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2729", "reference_id": "RHSA-2019:2729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2773", "reference_id": "RHSA-2019:2773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2774", "reference_id": "RHSA-2019:2774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2807", "reference_id": "RHSA-2019:2807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2807" }, { "reference_url": "https://usn.ubuntu.com/4122-1/", "reference_id": "USN-4122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4122-1/" }, { "reference_url": "https://usn.ubuntu.com/4150-1/", "reference_id": "USN-4150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/331541?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.1.0-r0?arch=ppc64le&distroversion=v3.13&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.1.0-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community" } ], "aliases": [ "CVE-2019-11742" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7f4-e11n-nudj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1613?format=api", "vulnerability_id": "VCID-gus7-632r-pbe8", "summary": "Mozilla developers and community members Tyson Smith and Nathan Froyd reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11740.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11740.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81601", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81599", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.8157", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748652", "reference_id": "1748652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748652" }, { "reference_url": "https://security.archlinux.org/ASA-201909-2", "reference_id": "ASA-201909-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201909-2" }, { "reference_url": "https://security.archlinux.org/AVG-1036", "reference_id": "AVG-1036", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1036" }, { "reference_url": "https://security.gentoo.org/glsa/201911-07", "reference_id": "GLSA-201911-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25", "reference_id": "mfsa2019-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26", "reference_id": "mfsa2019-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27", "reference_id": "mfsa2019-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29", "reference_id": "mfsa2019-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30", "reference_id": "mfsa2019-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2663", "reference_id": "RHSA-2019:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2694", "reference_id": "RHSA-2019:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2729", "reference_id": "RHSA-2019:2729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2773", "reference_id": "RHSA-2019:2773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2774", "reference_id": "RHSA-2019:2774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2807", "reference_id": "RHSA-2019:2807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2807" }, { "reference_url": "https://usn.ubuntu.com/4122-1/", "reference_id": "USN-4122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4122-1/" }, { "reference_url": "https://usn.ubuntu.com/4150-1/", "reference_id": "USN-4150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/331541?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.1.0-r0?arch=ppc64le&distroversion=v3.13&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.1.0-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community" } ], "aliases": [ "CVE-2019-11740" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gus7-632r-pbe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1612?format=api", "vulnerability_id": "VCID-q8zd-91dy-x7cx", "summary": "Navigation events were not fully adhering to the W3C's \"Navigation-Timing Level 2\" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11743.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.764", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76399", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76371", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748654", "reference_id": "1748654", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748654" }, { "reference_url": "https://security.archlinux.org/ASA-201909-2", "reference_id": "ASA-201909-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201909-2" }, { "reference_url": "https://security.archlinux.org/AVG-1036", "reference_id": "AVG-1036", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1036" }, { "reference_url": "https://security.gentoo.org/glsa/201911-07", "reference_id": "GLSA-201911-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25", "reference_id": "mfsa2019-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26", "reference_id": "mfsa2019-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27", "reference_id": "mfsa2019-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29", "reference_id": "mfsa2019-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30", "reference_id": "mfsa2019-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2663", "reference_id": "RHSA-2019:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2694", "reference_id": "RHSA-2019:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2729", "reference_id": "RHSA-2019:2729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2773", "reference_id": "RHSA-2019:2773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2774", "reference_id": "RHSA-2019:2774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2807", "reference_id": "RHSA-2019:2807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2807" }, { "reference_url": "https://usn.ubuntu.com/4122-1/", "reference_id": "USN-4122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4122-1/" }, { "reference_url": "https://usn.ubuntu.com/4150-1/", "reference_id": "USN-4150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/331541?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.1.0-r0?arch=ppc64le&distroversion=v3.13&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.1.0-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community" } ], "aliases": [ "CVE-2019-11743" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8zd-91dy-x7cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1607?format=api", "vulnerability_id": "VCID-rkqd-sddx-dqc6", "summary": "Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71744", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71703", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748655", "reference_id": "1748655", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748655" }, { "reference_url": "https://security.archlinux.org/ASA-201909-2", "reference_id": "ASA-201909-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201909-2" }, { "reference_url": "https://security.archlinux.org/AVG-1036", "reference_id": "AVG-1036", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1036" }, { "reference_url": "https://security.gentoo.org/glsa/201911-07", "reference_id": "GLSA-201911-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201911-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25", "reference_id": "mfsa2019-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26", "reference_id": "mfsa2019-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27", "reference_id": "mfsa2019-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29", "reference_id": "mfsa2019-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30", "reference_id": "mfsa2019-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2663", "reference_id": "RHSA-2019:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2694", "reference_id": "RHSA-2019:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2729", "reference_id": "RHSA-2019:2729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2773", "reference_id": "RHSA-2019:2773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2774", "reference_id": "RHSA-2019:2774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2807", "reference_id": "RHSA-2019:2807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2807" }, { "reference_url": "https://usn.ubuntu.com/4122-1/", "reference_id": "USN-4122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4122-1/" }, { "reference_url": "https://usn.ubuntu.com/4150-1/", "reference_id": "USN-4150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/331541?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.1.0-r0?arch=ppc64le&distroversion=v3.13&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.1.0-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community" } ], "aliases": [ "CVE-2019-11744" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkqd-sddx-dqc6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.1.0-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community" }