{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","type":"apk","namespace":"alpine","name":"thunderbird","version":"91.3.2-r0","qualifiers":{"arch":"s390x","distroversion":"v3.19","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"91.4.0-r0","latest_non_vulnerable_version":"115.5.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1273?format=json","vulnerability_id":"VCID-1cnr-28vc-sqcy","summary":"Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29980.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29980","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70458","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70417","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992421","reference_id":"1992421","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992421"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29980"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cnr-28vc-sqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1289?format=json","vulnerability_id":"VCID-473a-9b6z-bufs","summary":"The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80.  However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP.  This was resolved by disabling the Opportunistic Encryption feature, which had low usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38507.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38507.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38507","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67402","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67361","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019625","reference_id":"2019625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019625"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38507"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-473a-9b6z-bufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1253?format=json","vulnerability_id":"VCID-5fw4-9nf9-h3d7","summary":"A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23994.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23994.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23994","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60804","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951364","reference_id":"1951364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951364"},{"reference_url":"https://security.archlinux.org/ASA-202104-3","reference_id":"ASA-202104-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-3"},{"reference_url":"https://security.archlinux.org/ASA-202104-4","reference_id":"ASA-202104-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-4"},{"reference_url":"https://security.archlinux.org/AVG-1834","reference_id":"AVG-1834","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1834"},{"reference_url":"https://security.archlinux.org/AVG-1836","reference_id":"AVG-1836","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1836"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14","reference_id":"mfsa2021-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15","reference_id":"mfsa2021-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16","reference_id":"mfsa2021-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1350","reference_id":"RHSA-2021:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1351","reference_id":"RHSA-2021:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1352","reference_id":"RHSA-2021:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1353","reference_id":"RHSA-2021:1353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1360","reference_id":"RHSA-2021:1360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1361","reference_id":"RHSA-2021:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1362","reference_id":"RHSA-2021:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1363","reference_id":"RHSA-2021:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1363"},{"reference_url":"https://usn.ubuntu.com/4926-1/","reference_id":"USN-4926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4926-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-23994"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fw4-9nf9-h3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1270?format=json","vulnerability_id":"VCID-5h5r-wcta-a7au","summary":"A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29986.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29986","reference_id":"","reference_type":"","scores":[{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69524","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69485","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992417","reference_id":"1992417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992417"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29986"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h5r-wcta-a7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1372?format=json","vulnerability_id":"VCID-65qx-jkez-8fgd","summary":"If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29957.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29957","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54056","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54113","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961503","reference_id":"1961503","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961503"},{"reference_url":"https://security.archlinux.org/ASA-202105-29","reference_id":"ASA-202105-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-29"},{"reference_url":"https://security.archlinux.org/AVG-1964","reference_id":"AVG-1964","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1964"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-22","reference_id":"mfsa2021-22","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2261","reference_id":"RHSA-2021:2261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2262","reference_id":"RHSA-2021:2262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2263","reference_id":"RHSA-2021:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2264","reference_id":"RHSA-2021:2264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2264"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29957"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65qx-jkez-8fgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1257?format=json","vulnerability_id":"VCID-7ex1-ufcv-5yg8","summary":"If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23999.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23999.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23999","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46715","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46648","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951368","reference_id":"1951368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951368"},{"reference_url":"https://security.archlinux.org/ASA-202104-3","reference_id":"ASA-202104-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-3"},{"reference_url":"https://security.archlinux.org/ASA-202104-4","reference_id":"ASA-202104-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-4"},{"reference_url":"https://security.archlinux.org/AVG-1834","reference_id":"AVG-1834","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1834"},{"reference_url":"https://security.archlinux.org/AVG-1836","reference_id":"AVG-1836","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1836"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14","reference_id":"mfsa2021-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15","reference_id":"mfsa2021-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16","reference_id":"mfsa2021-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1350","reference_id":"RHSA-2021:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1351","reference_id":"RHSA-2021:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1352","reference_id":"RHSA-2021:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1353","reference_id":"RHSA-2021:1353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1360","reference_id":"RHSA-2021:1360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1361","reference_id":"RHSA-2021:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1362","reference_id":"RHSA-2021:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1363","reference_id":"RHSA-2021:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1363"},{"reference_url":"https://usn.ubuntu.com/4926-1/","reference_id":"USN-4926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4926-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-23999"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ex1-ufcv-5yg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1260?format=json","vulnerability_id":"VCID-7nqh-truu-7khb","summary":"Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29946.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29946","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37089","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36998","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951371","reference_id":"1951371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951371"},{"reference_url":"https://security.archlinux.org/ASA-202104-3","reference_id":"ASA-202104-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-3"},{"reference_url":"https://security.archlinux.org/ASA-202104-4","reference_id":"ASA-202104-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-4"},{"reference_url":"https://security.archlinux.org/AVG-1834","reference_id":"AVG-1834","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1834"},{"reference_url":"https://security.archlinux.org/AVG-1836","reference_id":"AVG-1836","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1836"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14","reference_id":"mfsa2021-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15","reference_id":"mfsa2021-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16","reference_id":"mfsa2021-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1350","reference_id":"RHSA-2021:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1351","reference_id":"RHSA-2021:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1352","reference_id":"RHSA-2021:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1353","reference_id":"RHSA-2021:1353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1360","reference_id":"RHSA-2021:1360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1361","reference_id":"RHSA-2021:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1362","reference_id":"RHSA-2021:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1363","reference_id":"RHSA-2021:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1363"},{"reference_url":"https://usn.ubuntu.com/4926-1/","reference_id":"USN-4926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4926-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29946"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nqh-truu-7khb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1292?format=json","vulnerability_id":"VCID-7s6p-8cx2-bybs","summary":"Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38509.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38509.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38509","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61494","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61447","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019628","reference_id":"2019628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019628"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38509"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7s6p-8cx2-bybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1317?format=json","vulnerability_id":"VCID-85sw-xvhm-nyhk","summary":"Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29982","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59926","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59973","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29982"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29982"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85sw-xvhm-nyhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1290?format=json","vulnerability_id":"VCID-8x8f-1u2g-subu","summary":"A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43535.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43535.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43535","reference_id":"","reference_type":"","scores":[{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.79133","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.79159","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019626","reference_id":"2019626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019626"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-43535"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8x8f-1u2g-subu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1275?format=json","vulnerability_id":"VCID-918z-26zm-67hc","summary":"Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and Olli Pettay reported memory safety bugs present in Thunderbird 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29989.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29989","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67243","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67202","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992423","reference_id":"1992423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992423"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29989"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-918z-26zm-67hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1316?format=json","vulnerability_id":"VCID-agq3-2s95-wuey","summary":"After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.*This bug only affects Thunderbird on Linux. Other operating systems are unaffected.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29987","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49558","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4962","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29987"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29987"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agq3-2s95-wuey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1315?format=json","vulnerability_id":"VCID-ak6t-tsyf-p3ga","summary":"An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29981","reference_id":"","reference_type":"","scores":[{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62082","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.6213","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29981"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29981"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ak6t-tsyf-p3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1285?format=json","vulnerability_id":"VCID-bnuz-8g1t-ybc2","summary":"The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38503.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38503","reference_id":"","reference_type":"","scores":[{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.78196","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.7817","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019621","reference_id":"2019621","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019621"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38503"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnuz-8g1t-ybc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1287?format=json","vulnerability_id":"VCID-bsrv-bkzk-pfhh","summary":"Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.*This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38505.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38505","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019623","reference_id":"2019623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019623"},{"reference_url":"https://security.archlinux.org/AVG-2512","reference_id":"AVG-2512","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2512"},{"reference_url":"https://security.archlinux.org/AVG-2519","reference_id":"AVG-2519","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2519"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38505"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsrv-bkzk-pfhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1297?format=json","vulnerability_id":"VCID-cc7x-wcyu-97hb","summary":"Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38497.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38497","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41551","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41475","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38497"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011098","reference_id":"2011098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011098"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38497"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cc7x-wcyu-97hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1300?format=json","vulnerability_id":"VCID-cjrw-f991-e7fr","summary":"Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38500.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38500","reference_id":"","reference_type":"","scores":[{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78212","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011100","reference_id":"2011100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011100"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-44","reference_id":"mfsa2021-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-44"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38500"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjrw-f991-e7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1286?format=json","vulnerability_id":"VCID-d78u-x2t8-vkfg","summary":"When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38504.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38504","reference_id":"","reference_type":"","scores":[{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.80045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.80019","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019622","reference_id":"2019622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019622"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38504"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d78u-x2t8-vkfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1355?format=json","vulnerability_id":"VCID-ewjv-u485-dqg9","summary":"If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29969.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29969","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5385","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53907","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982015","reference_id":"1982015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982015"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29969"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewjv-u485-dqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1393?format=json","vulnerability_id":"VCID-g7z8-217k-3ygy","summary":"Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29991.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29991.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29991","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54153","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.5421","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29991"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995267","reference_id":"1995267","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995267"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.archlinux.org/AVG-2301","reference_id":"AVG-2301","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2301"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-37","reference_id":"mfsa2021-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-37"},{"reference_url":"https://usn.ubuntu.com/5047-1/","reference_id":"USN-5047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5047-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29991"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7z8-217k-3ygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1299?format=json","vulnerability_id":"VCID-hsg8-3bpf-b3ex","summary":"In the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32810.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32810","reference_id":"","reference_type":"","scores":[{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78342","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78316","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/crossbeam-rs/crossbeam","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/crossbeam-rs/crossbeam"},{"reference_url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32810","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32810"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0093.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0093.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1990342","reference_id":"1990342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1990342"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993146","reference_id":"993146","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993146"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-32810","GHSA-pqqp-xmhj-wgcw"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsg8-3bpf-b3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1268?format=json","vulnerability_id":"VCID-j7v9-pfg1-v3c7","summary":"Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29976.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29976","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69128","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69088","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982014","reference_id":"1982014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982014"},{"reference_url":"https://security.archlinux.org/ASA-202107-20","reference_id":"ASA-202107-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-20"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2148","reference_id":"AVG-2148","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2148"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28","reference_id":"mfsa2021-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29","reference_id":"mfsa2021-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2740","reference_id":"RHSA-2021:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2741","reference_id":"RHSA-2021:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2742","reference_id":"RHSA-2021:2742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2743","reference_id":"RHSA-2021:2743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5011-1/","reference_id":"USN-5011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5011-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29976"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7v9-pfg1-v3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1320?format=json","vulnerability_id":"VCID-maga-jq3w-1bfk","summary":"Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29967.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29967","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58838","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58791","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966831","reference_id":"1966831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966831"},{"reference_url":"https://security.archlinux.org/ASA-202106-22","reference_id":"ASA-202106-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-22"},{"reference_url":"https://security.archlinux.org/ASA-202106-3","reference_id":"ASA-202106-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-3"},{"reference_url":"https://security.archlinux.org/AVG-2018","reference_id":"AVG-2018","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2018"},{"reference_url":"https://security.archlinux.org/AVG-2035","reference_id":"AVG-2035","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2035"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23","reference_id":"mfsa2021-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24","reference_id":"mfsa2021-24","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26","reference_id":"mfsa2021-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2206","reference_id":"RHSA-2021:2206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2208","reference_id":"RHSA-2021:2208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2214","reference_id":"RHSA-2021:2214","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2214"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2233","reference_id":"RHSA-2021:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2261","reference_id":"RHSA-2021:2261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2262","reference_id":"RHSA-2021:2262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2263","reference_id":"RHSA-2021:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2264","reference_id":"RHSA-2021:2264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2264"},{"reference_url":"https://usn.ubuntu.com/4978-1/","reference_id":"USN-4978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4978-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29967"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-maga-jq3w-1bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1261?format=json","vulnerability_id":"VCID-mv47-mh43-wfg1","summary":"A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug only affected Firefox when accessibility was enabled.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29970.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29970","reference_id":"","reference_type":"","scores":[{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74391","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982013","reference_id":"1982013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982013"},{"reference_url":"https://security.archlinux.org/ASA-202107-20","reference_id":"ASA-202107-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-20"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2148","reference_id":"AVG-2148","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2148"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28","reference_id":"mfsa2021-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29","reference_id":"mfsa2021-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2740","reference_id":"RHSA-2021:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2741","reference_id":"RHSA-2021:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2742","reference_id":"RHSA-2021:2742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2743","reference_id":"RHSA-2021:2743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5011-1/","reference_id":"USN-5011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5011-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29970"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mv47-mh43-wfg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1272?format=json","vulnerability_id":"VCID-n657-bctg-1few","summary":"Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29984.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29984","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63915","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63873","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992420","reference_id":"1992420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992420"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29984"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n657-bctg-1few"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1258?format=json","vulnerability_id":"VCID-ppcj-1ng5-53hq","summary":"When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24002.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24002","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.582","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.5815","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951369","reference_id":"1951369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951369"},{"reference_url":"https://security.archlinux.org/ASA-202104-3","reference_id":"ASA-202104-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-3"},{"reference_url":"https://security.archlinux.org/ASA-202104-4","reference_id":"ASA-202104-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-4"},{"reference_url":"https://security.archlinux.org/AVG-1834","reference_id":"AVG-1834","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1834"},{"reference_url":"https://security.archlinux.org/AVG-1836","reference_id":"AVG-1836","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1836"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14","reference_id":"mfsa2021-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15","reference_id":"mfsa2021-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16","reference_id":"mfsa2021-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1350","reference_id":"RHSA-2021:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1351","reference_id":"RHSA-2021:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1352","reference_id":"RHSA-2021:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1353","reference_id":"RHSA-2021:1353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1360","reference_id":"RHSA-2021:1360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1361","reference_id":"RHSA-2021:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1362","reference_id":"RHSA-2021:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1363","reference_id":"RHSA-2021:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1363"},{"reference_url":"https://usn.ubuntu.com/4926-1/","reference_id":"USN-4926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4926-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-24002"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppcj-1ng5-53hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1326?format=json","vulnerability_id":"VCID-pq8z-akw6-cfad","summary":"Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38495.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38495","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67877","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67917","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38495"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002900","reference_id":"2002900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002900"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40","reference_id":"mfsa2021-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41","reference_id":"mfsa2021-41","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38495"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq8z-akw6-cfad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1319?format=json","vulnerability_id":"VCID-rkmm-7vbf-vych","summary":"A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would processing incorrectly, leading to an out-of-bounds read.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29964.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29964","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54511","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966830","reference_id":"1966830","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966830"},{"reference_url":"https://security.archlinux.org/AVG-2019","reference_id":"AVG-2019","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2019"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23","reference_id":"mfsa2021-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24","reference_id":"mfsa2021-24","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26","reference_id":"mfsa2021-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29964"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkmm-7vbf-vych"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1278?format=json","vulnerability_id":"VCID-smj8-23ww-4qhq","summary":"The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service.*Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29951.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29951","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65832","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67616","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961505","reference_id":"1961505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961505"},{"reference_url":"https://security.archlinux.org/AVG-1914","reference_id":"AVG-1914","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1914"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-18","reference_id":"mfsa2021-18","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-19","reference_id":"mfsa2021-19","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29951"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smj8-23ww-4qhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1298?format=json","vulnerability_id":"VCID-tx7n-22r1-m7fh","summary":"During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38498.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38498","reference_id":"","reference_type":"","scores":[{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.71119","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.71076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011099","reference_id":"2011099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011099"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38498"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx7n-22r1-m7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1291?format=json","vulnerability_id":"VCID-unnb-hcmb-tqep","summary":"By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38508.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38508","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56977","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56926","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019627","reference_id":"2019627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019627"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38508"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unnb-hcmb-tqep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1288?format=json","vulnerability_id":"VCID-w3cg-uv84-q3g5","summary":"Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38506.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38506","reference_id":"","reference_type":"","scores":[{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75498","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75469","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019624","reference_id":"2019624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019624"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38506"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cg-uv84-q3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1263?format=json","vulnerability_id":"VCID-w6kt-w2ua-myfm","summary":"An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30547.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30547.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30547","reference_id":"","reference_type":"","scores":[{"value":"0.02512","scoring_system":"epss","scoring_elements":"0.85664","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02512","scoring_system":"epss","scoring_elements":"0.85686","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970109","reference_id":"1970109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079","reference_id":"990079","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079"},{"reference_url":"https://security.archlinux.org/ASA-202106-31","reference_id":"ASA-202106-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-31"},{"reference_url":"https://security.archlinux.org/ASA-202106-32","reference_id":"ASA-202106-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-32"},{"reference_url":"https://security.archlinux.org/ASA-202107-20","reference_id":"ASA-202107-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-20"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2057","reference_id":"AVG-2057","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2057"},{"reference_url":"https://security.archlinux.org/AVG-2058","reference_id":"AVG-2058","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2058"},{"reference_url":"https://security.archlinux.org/AVG-2148","reference_id":"AVG-2148","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2148"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28","reference_id":"mfsa2021-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29","reference_id":"mfsa2021-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2740","reference_id":"RHSA-2021:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2741","reference_id":"RHSA-2021:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2742","reference_id":"RHSA-2021:2742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2743","reference_id":"RHSA-2021:2743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5011-1/","reference_id":"USN-5011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5011-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-30547"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6kt-w2ua-myfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1271?format=json","vulnerability_id":"VCID-wqye-9ny7-e7a3","summary":"Thunderbird incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29988.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29988","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70458","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70417","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992419","reference_id":"1992419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992419"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29988"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqye-9ny7-e7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1330?format=json","vulnerability_id":"VCID-wrq2-8htg-eqd3","summary":"Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38493.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38493","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62223","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62174","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38493"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002119","reference_id":"2002119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002119"},{"reference_url":"https://security.archlinux.org/AVG-2344","reference_id":"AVG-2344","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2344"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38","reference_id":"mfsa2021-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39","reference_id":"mfsa2021-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42","reference_id":"mfsa2021-42","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3494","reference_id":"RHSA-2021:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3495","reference_id":"RHSA-2021:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3496","reference_id":"RHSA-2021:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3497","reference_id":"RHSA-2021:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3498","reference_id":"RHSA-2021:3498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3499","reference_id":"RHSA-2021:3499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3500","reference_id":"RHSA-2021:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3501","reference_id":"RHSA-2021:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3501"},{"reference_url":"https://usn.ubuntu.com/5074-1/","reference_id":"USN-5074-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5074-1/"},{"reference_url":"https://usn.ubuntu.com/5146-1/","reference_id":"USN-5146-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5146-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-38493"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrq2-8htg-eqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1274?format=json","vulnerability_id":"VCID-yny3-7vjj-kyga","summary":"A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29985.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29985","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6174","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61692","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992422","reference_id":"1992422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992422"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-29985"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yny3-7vjj-kyga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1255?format=json","vulnerability_id":"VCID-zjej-aua1-abbc","summary":"Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23998.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23998.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23998","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37062","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36972","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29949"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951366","reference_id":"1951366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951366"},{"reference_url":"https://security.archlinux.org/ASA-202104-3","reference_id":"ASA-202104-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-3"},{"reference_url":"https://security.archlinux.org/ASA-202104-4","reference_id":"ASA-202104-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-4"},{"reference_url":"https://security.archlinux.org/AVG-1834","reference_id":"AVG-1834","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1834"},{"reference_url":"https://security.archlinux.org/AVG-1836","reference_id":"AVG-1836","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1836"},{"reference_url":"https://security.gentoo.org/glsa/202104-09","reference_id":"GLSA-202104-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-09"},{"reference_url":"https://security.gentoo.org/glsa/202104-10","reference_id":"GLSA-202104-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14","reference_id":"mfsa2021-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15","reference_id":"mfsa2021-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16","reference_id":"mfsa2021-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1350","reference_id":"RHSA-2021:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1351","reference_id":"RHSA-2021:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1352","reference_id":"RHSA-2021:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1353","reference_id":"RHSA-2021:1353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1360","reference_id":"RHSA-2021:1360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1361","reference_id":"RHSA-2021:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1362","reference_id":"RHSA-2021:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1363","reference_id":"RHSA-2021:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1363"},{"reference_url":"https://usn.ubuntu.com/4926-1/","reference_id":"USN-4926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4926-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/333274?format=json","purl":"pkg:apk/alpine/thunderbird@91.3.2-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}],"aliases":["CVE-2021-23998"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjej-aua1-abbc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.3.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community"}