{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","type":"ebuild","namespace":"mail-client","name":"mozilla-thunderbird-bin","version":"2.14-r1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.14","latest_non_vulnerable_version":"10.0.11","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2670?format=json","vulnerability_id":"VCID-114z-7ta8-mqe7","summary":"Security researcher Gregory Fleischer reported\nthat when an Adobe Flash file is loaded via\nthe view-source: scheme, the Flash plugin misinterprets\nthe origin of the content as localhost, leading to two specific\nvulnerabilities:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1307","reference_id":"","reference_type":"","scores":[{"value":"0.01373","scoring_system":"epss","scoring_elements":"0.8054","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1307"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496263","reference_id":"496263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307","reference_id":"CVE-2009-1307","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17","reference_id":"mfsa2009-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-114z-7ta8-mqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2482?format=json","vulnerability_id":"VCID-12eu-2nge-u3hu","summary":"Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol.  The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4068","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.504","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4068"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463248","reference_id":"463248","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068","reference_id":"CVE-2008-4068","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44","reference_id":"mfsa2008-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12eu-2nge-u3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74197?format=json","vulnerability_id":"VCID-12q6-5pjj-q7d6","summary":": Firefox DoS (crash) via crafted web site that triggers memory consumption","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0220","reference_id":"","reference_type":"","scores":[{"value":"0.00947","scoring_system":"epss","scoring_elements":"0.76634","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=579085","reference_id":"579085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=579085"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12q6-5pjj-q7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2242?format=json","vulnerability_id":"VCID-13rr-43nj-h7af","summary":"Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0446","reference_id":"","reference_type":"","scores":[{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62853","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446","reference_id":"CVE-2012-0446","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05","reference_id":"mfsa2012-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0446"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13rr-43nj-h7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2161?format=json","vulnerability_id":"VCID-16sb-uhrd-xfaf","summary":"Mozilla developer Blake Kaplan reported that the \nwindow.location object was made a normal overridable JavaScript object\nin the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms\nwere developed to enforce the same-origin policy between windows and frames.\nThis object is unfortunately also used by some plugins to determine the page\norigin used for access restrictions. A malicious page could override this\nobject to fool a plugin into granting access to data on another site or the\nlocal file system. The behavior of older Firefox versions has been restored.\nThis flaw does not affect earlier versions of Firefox, or other\nprograms such as Thunderbird or SeaMonkey built on older versions\nof the browser engine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0170","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66225","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170","reference_id":"CVE-2010-0170","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10","reference_id":"mfsa2010-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16sb-uhrd-xfaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2600?format=json","vulnerability_id":"VCID-18dk-sq41-5kfp","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3070","reference_id":"","reference_type":"","scores":[{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88679","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521686","reference_id":"521686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070","reference_id":"CVE-2009-3070","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18dk-sq41-5kfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2297?format=json","vulnerability_id":"VCID-19ut-3c72-1kfk","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4215","reference_id":"","reference_type":"","scores":[{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4215"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215","reference_id":"CVE-2012-4215","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4215"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19ut-3c72-1kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2870?format=json","vulnerability_id":"VCID-1m8n-68ks-cqd4","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2996","reference_id":"","reference_type":"","scores":[{"value":"0.08708","scoring_system":"epss","scoring_elements":"0.92611","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2996"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741903","reference_id":"741903","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996","reference_id":"CVE-2011-2996","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36","reference_id":"mfsa2011-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2996"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1m8n-68ks-cqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2316?format=json","vulnerability_id":"VCID-1nsv-4xw6-q3bh","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1973","reference_id":"","reference_type":"","scores":[{"value":"0.04246","scoring_system":"epss","scoring_elements":"0.88966","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973","reference_id":"CVE-2012-1973","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1973"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nsv-4xw6-q3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2274?format=json","vulnerability_id":"VCID-1rgf-x73x-33dk","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent\nis released and oldFocusedContent is used afterwards. This use-after-free could\npossibly allow for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1958","reference_id":"","reference_type":"","scores":[{"value":"0.03872","scoring_system":"epss","scoring_elements":"0.8843","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1958"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840211","reference_id":"840211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958","reference_id":"CVE-2012-1958","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48","reference_id":"mfsa2012-48","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1958"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgf-x73x-33dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78287?format=json","vulnerability_id":"VCID-1ujh-zyv7-cqde","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2437","reference_id":"","reference_type":"","scores":[{"value":"0.03757","scoring_system":"epss","scoring_elements":"0.88227","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936","reference_id":"422936","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt","reference_id":"CVE-2007-2437;OSVDB-34905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt"},{"reference_url":"https://www.securityfocus.com/bid/23741/info","reference_id":"CVE-2007-2437;OSVDB-34905","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23741/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2007-2437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ujh-zyv7-cqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2322?format=json","vulnerability_id":"VCID-1v1p-3xrs-jfgt","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3958","reference_id":"","reference_type":"","scores":[{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84438","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3958"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958","reference_id":"CVE-2012-3958","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3958"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v1p-3xrs-jfgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2396?format=json","vulnerability_id":"VCID-2479-hg85-6qa5","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free while replacing/inserting a node in a document.\nThis use-after-free could possibly allow for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1946","reference_id":"","reference_type":"","scores":[{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81102","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1946"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827832","reference_id":"827832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946","reference_id":"CVE-2012-1946","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38","reference_id":"mfsa2012-38","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1946"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2479-hg85-6qa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=json","vulnerability_id":"VCID-26q8-bbpg-5fgk","summary":"Mozilla community member Michael reported that\nwhen a server responds with a Refresh header containing a\njavascript: URI, Firefox will redirect to the javascript: URI.  If an\nattacker could inject a Refresh header into a server\nresponse, or could control the value that a site places in\nthe Refresh header, they could use this vulnerability to\nperform an XSS attack and execute arbitrary JavaScript within the\ncontext of that site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1312","reference_id":"","reference_type":"","scores":[{"value":"0.05662","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496274","reference_id":"496274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312","reference_id":"CVE-2009-1312","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt","reference_id":"CVE-2009-1312;OSVDB-53952","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt"},{"reference_url":"https://www.securityfocus.com/bid/34656/info","reference_id":"CVE-2009-1312;OSVDB-53952","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/34656/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-22","reference_id":"mfsa2009-22","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1312"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26q8-bbpg-5fgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2838?format=json","vulnerability_id":"VCID-2a9n-tz4u-jyep","summary":"Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response \nMozilla behavior differed from other browsers: Mozilla would use the second\nLocation header while Chrome and Internet Explorer would use\nthe first. Two copies of this header with different values could be a symptom\nof a CRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely to be\nthe malicious one. It is possible, however, that the first copy was the\ninjected one depending on the nature of the server vulnerability.\nThe Mozilla browser engine has been changed to treat two copies of this\nheader with different values as an error condition. The same has been done\nwith the headers Content-Length and Content-Disposition","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3000","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80045","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3000"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741905","reference_id":"741905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000","reference_id":"CVE-2011-3000","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-39","reference_id":"mfsa2011-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a9n-tz4u-jyep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2312?format=json","vulnerability_id":"VCID-2b7j-hzma-nbfb","summary":"Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0441","reference_id":"","reference_type":"","scores":[{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.8794","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827833","reference_id":"827833","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441","reference_id":"CVE-2012-0441","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39","reference_id":"mfsa2012-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1090","reference_id":"RHSA-2012:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1091","reference_id":"RHSA-2012:1091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1091"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"},{"reference_url":"https://usn.ubuntu.com/1540-1/","reference_id":"USN-1540-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1540-1/"},{"reference_url":"https://usn.ubuntu.com/1540-2/","reference_id":"USN-1540-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1540-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0441"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2b7j-hzma-nbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2196?format=json","vulnerability_id":"VCID-2bc6-1f4c-fkag","summary":"Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0171","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67136","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576696","reference_id":"576696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171","reference_id":"CVE-2010-0171","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-12","reference_id":"mfsa2010-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0171"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bc6-1f4c-fkag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2474?format=json","vulnerability_id":"VCID-2e82-n7c1-5kc3","summary":"Marius Schilder of Google Security reported that\nwhen a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR.  Cookies marked HttpOnly were not readable, but\nother potentially sensitive data could be revealed in the XHR response\nincluding URL parameters and content in the response body.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5506","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67177","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5506"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476278","reference_id":"476278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506","reference_id":"CVE-2008-5506","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-64","reference_id":"mfsa2008-64","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2e82-n7c1-5kc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2178?format=json","vulnerability_id":"VCID-2j5j-gpjs-ubfp","summary":"Matt Haggard reported that\nthe statusText property of an XMLHttpRequest\nobject is readable by the requester even when the request is made\nacross origins.  This status information reveals the presence of a web\nserver and could be used to gather information about servers on\ninternal private networks.This issue was also independently reported to Mozilla\nby Nicholas Berthaume","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2764","reference_id":"","reference_type":"","scores":[{"value":"0.00878","scoring_system":"epss","scoring_elements":"0.75643","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630078","reference_id":"630078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764","reference_id":"CVE-2010-2764","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-63","reference_id":"mfsa2010-63","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2764"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2j5j-gpjs-ubfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2856?format=json","vulnerability_id":"VCID-2pzu-trgn-cfgj","summary":"Mozilla security researcher moz_bug_r_a4 reported that\nthe problem described in MFSA 2011-43 and fixed in\nFirefox 7 also affected Firefox 3.6: a malicious page could potentially\nexploit a Firefox user who had installed an add-on that used loadSubscript\nin vulnerable ways.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3647","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73803","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751931","reference_id":"751931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647","reference_id":"CVE-2011-3647","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46","reference_id":"mfsa2011-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1437","reference_id":"RHSA-2011:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1439","reference_id":"RHSA-2011:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1439"},{"reference_url":"https://usn.ubuntu.com/1251-1/","reference_id":"USN-1251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1251-1/"},{"reference_url":"https://usn.ubuntu.com/1254-1/","reference_id":"USN-1254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1254-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pzu-trgn-cfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2665?format=json","vulnerability_id":"VCID-2r2b-3wt6-wuh2","summary":"Mozilla security researcher moz_bug_r_a4 reported\na series of vulnerabilities in which objects that normally receive\na XPCCrossOriginWrapper are constructed without the\nwrapper.  This can lead to cases where JavaScript from one website may\nunsafely access properties of such an object which had been set by a\ndifferent website.  A malicious website could use this vulnerability\nto launch a XSS attack and run arbitrary JavaScript within the context\nof another site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2472","reference_id":"","reference_type":"","scores":[{"value":"0.007","scoring_system":"epss","scoring_elements":"0.7233","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512147","reference_id":"512147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472","reference_id":"CVE-2009-2472","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-40","reference_id":"mfsa2009-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2472"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r2b-3wt6-wuh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=json","vulnerability_id":"VCID-2tsg-45kt-nycb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0084","reference_id":"","reference_type":"","scores":[{"value":"0.05475","scoring_system":"epss","scoring_elements":"0.90338","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730519","reference_id":"730519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084","reference_id":"CVE-2011-0084","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1166","reference_id":"RHSA-2011:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1166"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0084"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tsg-45kt-nycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2387?format=json","vulnerability_id":"VCID-2u4r-fn32-n7d3","summary":"Security researcher Mariusz Mlynski reported that when a\npage opens a new tab, a subsequent window can then be opened that can be\nnavigated to about:newtab, a chrome privileged page. Once\nabout:newtab is loaded, the special context can potentially be used\nto escalate privilege, allowing for arbitrary code execution on the local system\nin a maliciously crafted attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3965","reference_id":"","reference_type":"","scores":[{"value":"0.01126","scoring_system":"epss","scoring_elements":"0.78596","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851916","reference_id":"851916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965","reference_id":"CVE-2012-3965","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-60","reference_id":"mfsa2012-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-60"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3965"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u4r-fn32-n7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2032?format=json","vulnerability_id":"VCID-2vaj-7wrh-juhc","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5829","reference_id":"","reference_type":"","scores":[{"value":"0.04573","scoring_system":"epss","scoring_elements":"0.89379","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829","reference_id":"CVE-2012-5829","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02","reference_id":"mfsa2013-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"},{"reference_url":"https://usn.ubuntu.com/1681-1/","reference_id":"USN-1681-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1681-1/"},{"reference_url":"https://usn.ubuntu.com/1681-2/","reference_id":"USN-1681-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1681-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vaj-7wrh-juhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88950?format=json","vulnerability_id":"VCID-3149-34hy-pqds","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3073","reference_id":"","reference_type":"","scores":[{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81314","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3073"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2007-3073"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3149-34hy-pqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2164?format=json","vulnerability_id":"VCID-36bj-gja7-gkch","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0166","reference_id":"","reference_type":"","scores":[{"value":"0.26203","scoring_system":"epss","scoring_elements":"0.96386","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166","reference_id":"CVE-2010-0166","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html","reference_id":"CVE-2010-0166;OSVDB-63266","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html"},{"reference_url":"https://www.securityfocus.com/bid/38943/info","reference_id":"CVE-2010-0166;OSVDB-63266","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/38943/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11","reference_id":"mfsa2010-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0166"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36bj-gja7-gkch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2234?format=json","vulnerability_id":"VCID-37t5-vgwu-yqe1","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3995","reference_id":"","reference_type":"","scores":[{"value":"0.02016","scoring_system":"epss","scoring_elements":"0.84019","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995","reference_id":"CVE-2012-3995","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3995"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37t5-vgwu-yqe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2383?format=json","vulnerability_id":"VCID-3ap9-a2as-q7hd","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0462","reference_id":"","reference_type":"","scores":[{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81192","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109","reference_id":"803109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462","reference_id":"CVE-2012-0462","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ap9-a2as-q7hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2281?format=json","vulnerability_id":"VCID-3bx3-fn1g-4kbh","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1952","reference_id":"","reference_type":"","scores":[{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.7989","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1952"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952","reference_id":"CVE-2012-1952","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1952"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bx3-fn1g-4kbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=json","vulnerability_id":"VCID-3cum-vygx-wfae","summary":"Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability.  The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created.  When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2752","reference_id":"","reference_type":"","scores":[{"value":"0.07986","scoring_system":"epss","scoring_elements":"0.92207","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615464","reference_id":"615464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752","reference_id":"CVE-2010-2752","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py","reference_id":"CVE-2010-2752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39","reference_id":"mfsa2010-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2752"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cum-vygx-wfae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2580?format=json","vulnerability_id":"VCID-3g7q-89gg-hkb5","summary":"Mozilla developer Daniel Veditz reported that when\nthe jar: scheme is used to wrap a URI which serves the\ncontent with Content-Disposition: attachment, the HTTP\nheader is ignored and the content is unpacked and displayed inline.  A\nsite may depend on this HTTP header to prevent potentially untrusted\ncontent that it serves from executing within the context of the site.\nAn attacker could use this vulnerability to subvert sites using this\nmechanism to mitigate content injection attacks.This vulnerability has not been fixed on the Mozilla 1.8.1 branch,\nwhich is used to build Firefox 2 and Thunderbird 2.  However, note\nthat there are several mitigating factors which prevent easy\nexploitation of this issue.  In order for a website to be exploitable\nit must:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1306","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83277","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496262","reference_id":"496262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496262"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306","reference_id":"CVE-2009-1306","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-16","reference_id":"mfsa2009-16","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1306"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3g7q-89gg-hkb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2422?format=json","vulnerability_id":"VCID-3gwb-npby-tbek","summary":"Justin Schuh and Tom Cross of the\nIBM X-Force and Peter Williams of IBM Watson Labs reported\nerrors in Mozilla URL parsing routines.  These errors could be exploited\nusing a specially crafted UTF-8 URL in a hyperlink which could overflow\na stack buffer and allow an attacker to execute arbitrary code.Firefox 3 is not affected by this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0016","reference_id":"","reference_type":"","scores":[{"value":"0.48604","scoring_system":"epss","scoring_elements":"0.978","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463181","reference_id":"463181","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016","reference_id":"CVE-2008-0016","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py","reference_id":"CVE-2008-0016;OSVDB-48780","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-37","reference_id":"mfsa2008-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-0016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwb-npby-tbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2378?format=json","vulnerability_id":"VCID-3jng-4mfe-q7a5","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1939","reference_id":"","reference_type":"","scores":[{"value":"0.03612","scoring_system":"epss","scoring_elements":"0.87982","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1939"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939","reference_id":"CVE-2012-1939","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34","reference_id":"mfsa2012-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1939"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jng-4mfe-q7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2577?format=json","vulnerability_id":"VCID-3maa-g3v4-eqc4","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2465","reference_id":"","reference_type":"","scores":[{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87665","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512135","reference_id":"512135","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465","reference_id":"CVE-2009-2465","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2465"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3maa-g3v4-eqc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74260?format=json","vulnerability_id":"VCID-3mbe-hcw2-ayfc","summary":"firefox 3.5 various flaws","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2478","reference_id":"","reference_type":"","scores":[{"value":"0.04071","scoring_system":"epss","scoring_elements":"0.88731","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228","reference_id":"511228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py","reference_id":"OSVDB-55932;CVE-2009-2478","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mbe-hcw2-ayfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2442?format=json","vulnerability_id":"VCID-3qjw-kmzd-hubj","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects.  moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object.  These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4058","reference_id":"","reference_type":"","scores":[{"value":"0.0348","scoring_system":"epss","scoring_elements":"0.87773","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463190","reference_id":"463190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463190"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058","reference_id":"CVE-2008-4058","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41","reference_id":"mfsa2008-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4058"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qjw-kmzd-hubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2243?format=json","vulnerability_id":"VCID-3rmk-5j6r-sydb","summary":"Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4208","reference_id":"","reference_type":"","scores":[{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.69128","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877627","reference_id":"877627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208","reference_id":"CVE-2012-4208","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99","reference_id":"mfsa2012-99","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4208"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rmk-5j6r-sydb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=json","vulnerability_id":"VCID-3rsc-9zzp-qfeh","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1937","reference_id":"","reference_type":"","scores":[{"value":"0.01723","scoring_system":"epss","scoring_elements":"0.82716","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1937"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937","reference_id":"CVE-2012-1937","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34","reference_id":"mfsa2012-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1937"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rsc-9zzp-qfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71853?format=json","vulnerability_id":"VCID-3tx3-d3d3-k3gh","summary":"firefox: doesn't (re)validate certificates when loading HTTPS page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0082","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62515","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709165","reference_id":"709165","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709165"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tx3-d3d3-k3gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2267?format=json","vulnerability_id":"VCID-3uq6-mbus-sudu","summary":"Mateusz Jurczyk of the Google Security Team discovered an\noff-by-one error in the OpenType Sanitizer using the Address Sanitizer tool.\nThis can lead to an out-of-bounds read and execution of an uninitialized\nfunction pointer during parsing and possible remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3062","reference_id":"","reference_type":"","scores":[{"value":"0.02392","scoring_system":"epss","scoring_elements":"0.85282","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815042","reference_id":"815042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062","reference_id":"CVE-2011-3062","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062"},{"reference_url":"https://security.gentoo.org/glsa/201203-24","reference_id":"GLSA-201203-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-24"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31","reference_id":"mfsa2012-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3062"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uq6-mbus-sudu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2781?format=json","vulnerability_id":"VCID-413h-nkvf-wbck","summary":"Mark Kaplan reported a potentially exploitable crash due to\ninteger underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this problem.\nThe Regular Expression engine was replaced in Firefox 4 and\nthe newer engine does not suffer from this bug.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2998","reference_id":"","reference_type":"","scores":[{"value":"0.03711","scoring_system":"epss","scoring_elements":"0.88167","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2998"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741924","reference_id":"741924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998","reference_id":"CVE-2011-2998","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-37","reference_id":"mfsa2011-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1343","reference_id":"RHSA-2011:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1344","reference_id":"RHSA-2011:1344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2998"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-413h-nkvf-wbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88957?format=json","vulnerability_id":"VCID-43ch-bzjt-1ycr","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3399","reference_id":"","reference_type":"","scores":[{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70725","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3399"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3399"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43ch-bzjt-1ycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=json","vulnerability_id":"VCID-43q7-k9by-2uhh","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3962","reference_id":"","reference_type":"","scores":[{"value":"0.04219","scoring_system":"epss","scoring_elements":"0.88933","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962","reference_id":"CVE-2012-3962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3962"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43q7-k9by-2uhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2470?format=json","vulnerability_id":"VCID-457x-cvps-5kbr","summary":"Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed.  The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped.  This issue could potentially be used to bypass naive script filtering and used in an XSS attack.  This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4065","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80311","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463234","reference_id":"463234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065","reference_id":"CVE-2008-4065","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43","reference_id":"mfsa2008-43","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4065"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-457x-cvps-5kbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2269?format=json","vulnerability_id":"VCID-477c-8h5g-nqha","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5842","reference_id":"","reference_type":"","scores":[{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78386","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5842"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877614","reference_id":"877614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842","reference_id":"CVE-2012-5842","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91","reference_id":"mfsa2012-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5842"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-477c-8h5g-nqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2299?format=json","vulnerability_id":"VCID-479a-zv6z-2feu","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5839","reference_id":"","reference_type":"","scores":[{"value":"0.02828","scoring_system":"epss","scoring_elements":"0.86418","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839","reference_id":"CVE-2012-5839","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5839"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-479a-zv6z-2feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2318?format=json","vulnerability_id":"VCID-47rg-f2g6-hyff","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1975","reference_id":"","reference_type":"","scores":[{"value":"0.03305","scoring_system":"epss","scoring_elements":"0.87451","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975","reference_id":"CVE-2012-1975","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1975"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47rg-f2g6-hyff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2853?format=json","vulnerability_id":"VCID-48bp-txah-9qbh","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2365","reference_id":"","reference_type":"","scores":[{"value":"0.02514","scoring_system":"epss","scoring_elements":"0.8564","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365","reference_id":"CVE-2011-2365","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2365"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48bp-txah-9qbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2785?format=json","vulnerability_id":"VCID-48rt-hx1w-p7ct","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0069","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.88824","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700642","reference_id":"700642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700642"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069","reference_id":"CVE-2011-0069","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48rt-hx1w-p7ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2462?format=json","vulnerability_id":"VCID-4bey-3rug-uuev","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in nsXMLDocument::OnChannelRedirect()\ncould be bypassed.  This vulnerability could be used to execute JavaScript\nin the context of a different website.Firefox 3 is not affected by this issueThunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3835","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463182","reference_id":"463182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835","reference_id":"CVE-2008-3835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-38","reference_id":"mfsa2008-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-3835"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bey-3rug-uuev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2240?format=json","vulnerability_id":"VCID-4ch9-f2dm-17f1","summary":"Security researcher Masato Kinugawa found that during the\ndecoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024\nbytes are treated incorrectly, either doubling or deleting bytes. On certain\npages it might be possible for an attacker to pad the output of the page such\nthat these errors fall in the right place to affect the structure of the page,\nallowing for cross-site script (XSS) injection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0477","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72828","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815026","reference_id":"815026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477","reference_id":"CVE-2012-0477","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29","reference_id":"mfsa2012-29","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ch9-f2dm-17f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2661?format=json","vulnerability_id":"VCID-4fs2-bedf-wbg3","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1304","reference_id":"","reference_type":"","scores":[{"value":"0.06664","scoring_system":"epss","scoring_elements":"0.9136","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496255","reference_id":"496255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304","reference_id":"CVE-2009-1304","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1304"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fs2-bedf-wbg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=json","vulnerability_id":"VCID-4fvg-h8g2-uqhk","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1211","reference_id":"","reference_type":"","scores":[{"value":"0.03871","scoring_system":"epss","scoring_elements":"0.88428","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1211"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615455","reference_id":"615455","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211","reference_id":"CVE-2010-1211","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34","reference_id":"mfsa2010-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1211"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fvg-h8g2-uqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2865?format=json","vulnerability_id":"VCID-4hm6-cvca-q3dz","summary":"Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0066","reference_id":"","reference_type":"","scores":[{"value":"0.05626","scoring_system":"epss","scoring_elements":"0.90474","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0066"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700657","reference_id":"700657","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066","reference_id":"CVE-2011-0066","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13","reference_id":"mfsa2011-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0066"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hm6-cvca-q3dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2235?format=json","vulnerability_id":"VCID-4khp-3yca-efa6","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4179","reference_id":"","reference_type":"","scores":[{"value":"0.06071","scoring_system":"epss","scoring_elements":"0.90885","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179","reference_id":"CVE-2012-4179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4179"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4khp-3yca-efa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2604?format=json","vulnerability_id":"VCID-4mej-pecf-mba2","summary":"Firefox user zbyte reported a crash that we determined\ncould result in an exploitable memory corruption problem. In certain cases\nafter a return from a native function, such as escape(), the\nJust-in-Time (JIT) compiler could get into a corrupt state. This could be\nexploited by an attacker to run arbitrary code such as installing malware.\nWe would like to thank community members Lucas\nKruijswijk and Nochum Sossonko for isolating\nthe problematic script from the original crashing site.\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2477","reference_id":"","reference_type":"","scores":[{"value":"0.83306","scoring_system":"epss","scoring_elements":"0.99287","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228","reference_id":"511228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477","reference_id":"CVE-2009-2477","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html","reference_id":"CVE-2009-2477","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html"},{"reference_url":"https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/","reference_id":"CVE-2009-2477","reference_type":"exploit","scores":[],"url":"https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb","reference_id":"CVE-2009-2477;OSVDB-55846","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl","reference_id":"CVE-2009-2477;OSVDB-55846","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-41","reference_id":"mfsa2009-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-41"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html","reference_id":"OSVDB-55932;CVE-2009-2478;OSVDB-55846;CVE-2009-2477","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mej-pecf-mba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=json","vulnerability_id":"VCID-4q1f-9mtr-4ufm","summary":"Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. \nFirefox 9 and earlier are not affected by this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0452","reference_id":"","reference_type":"","scores":[{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.83103","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0452"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=789506","reference_id":"789506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=789506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452","reference_id":"CVE-2012-0452","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-10","reference_id":"mfsa2012-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-10"},{"reference_url":"https://usn.ubuntu.com/1360-1/","reference_id":"USN-1360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1360-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0452"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q1f-9mtr-4ufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2391?format=json","vulnerability_id":"VCID-4qgz-6wnq-s3b8","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1948","reference_id":"","reference_type":"","scores":[{"value":"0.03101","scoring_system":"epss","scoring_elements":"0.87027","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840201","reference_id":"840201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948","reference_id":"CVE-2012-1948","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42","reference_id":"mfsa2012-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1948"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qgz-6wnq-s3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2874?format=json","vulnerability_id":"VCID-4s1y-4wue-qkdj","summary":"Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1202","reference_id":"","reference_type":"","scores":[{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70993","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413","reference_id":"617413","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=684386","reference_id":"684386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=684386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202","reference_id":"CVE-2011-1202","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18","reference_id":"mfsa2011-18","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1265","reference_id":"RHSA-2012:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1265"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"},{"reference_url":"https://usn.ubuntu.com/1595-1/","reference_id":"USN-1595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1595-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-1202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4s1y-4wue-qkdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2613?format=json","vulnerability_id":"VCID-4uw5-jy37-47g7","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3379","reference_id":"","reference_type":"","scores":[{"value":"0.04866","scoring_system":"epss","scoring_elements":"0.89711","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3379"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=531765","reference_id":"531765","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=531765"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196","reference_id":"669196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379","reference_id":"CVE-2009-3379","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1561","reference_id":"RHSA-2009:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1561"},{"reference_url":"https://usn.ubuntu.com/861-1/","reference_id":"USN-861-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/861-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uw5-jy37-47g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2289?format=json","vulnerability_id":"VCID-4vcw-dt9x-wqdd","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5835","reference_id":"","reference_type":"","scores":[{"value":"0.00894","scoring_system":"epss","scoring_elements":"0.75919","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635","reference_id":"877635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835","reference_id":"CVE-2012-5835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5835"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vcw-dt9x-wqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2592?format=json","vulnerability_id":"VCID-4vst-t6ee-4yay","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1832","reference_id":"","reference_type":"","scores":[{"value":"0.1037","scoring_system":"epss","scoring_elements":"0.93322","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503569","reference_id":"503569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832","reference_id":"CVE-2009-1832","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24","reference_id":"mfsa2009-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1832"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vst-t6ee-4yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2135?format=json","vulnerability_id":"VCID-4w5k-qnky-ybdy","summary":"Security researcher Sergey Glazunov reported that\nit was possible to access the locationbar property of\na window object after it had been closed.  Since the\nclosed window's memory could have been subsequently\nreused by the system it was possible that an attempt to access\nthe locationbar property could result in the execution of\nattacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3180","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.903","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642283","reference_id":"642283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180","reference_id":"CVE-2010-3180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-66","reference_id":"mfsa2010-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3180"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5k-qnky-ybdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2124?format=json","vulnerability_id":"VCID-4wrh-r3y9-kyb2","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted.  This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.This vulnerability does not affect Firefox 3.6","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0175","reference_id":"","reference_type":"","scores":[{"value":"0.06689","scoring_system":"epss","scoring_elements":"0.91381","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578149","reference_id":"578149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175","reference_id":"CVE-2010-0175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17","reference_id":"mfsa2010-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wrh-r3y9-kyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2125?format=json","vulnerability_id":"VCID-4yrw-kmpa-z7dz","summary":"Security researcher wushi of team509 reported that\nwhen a XUL tree had an HTML <div> element nested inside a\n<treechildren> element then code attempting to display content\nin the XUL tree would incorrectly treat the <div> element as a\nparent node to tree content underneath it resulting in incorrect\nindexes being calculated for the child content.  These incorrect\nindexes were used in subsequent array operations which resulted in\nwriting data past the end of an allocated buffer.  An attacker could\nuse this issue to crash a victim's browser and run arbitrary code on\ntheir machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3772","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.903","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660419","reference_id":"660419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772","reference_id":"CVE-2010-3772","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-77","reference_id":"mfsa2010-77","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-77"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0968","reference_id":"RHSA-2010:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0968"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3772"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yrw-kmpa-z7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2355?format=json","vulnerability_id":"VCID-53t6-ecve-13g2","summary":"Mozilla community member Ms2ger reported a crash due to an\ninvalid cast when using the instanceof operator on certain types of JavaScript\nobjects. This can lead to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3989","reference_id":"","reference_type":"","scores":[{"value":"0.00854","scoring_system":"epss","scoring_elements":"0.75249","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3989"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863620","reference_id":"863620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989","reference_id":"CVE-2012-3989","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-80","reference_id":"mfsa2012-80","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-80"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53t6-ecve-13g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2359?format=json","vulnerability_id":"VCID-55j1-htng-9ydy","summary":"Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found a heap corruption in gfxImageSurface which\nallows for invalid frees and possible remote code execution. This happens due to\nfloat error, resulting from graphics values being passed through different\nnumber systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0470","reference_id":"","reference_type":"","scores":[{"value":"0.05707","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815020","reference_id":"815020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470","reference_id":"CVE-2012-0470","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23","reference_id":"mfsa2012-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0470"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55j1-htng-9ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2160?format=json","vulnerability_id":"VCID-58ej-gc1s-t7ha","summary":"Security researcher Evgeny Legerov of Intevydis\nreported that the WOFF decoder contains an integer overflow in a\nfont decompression routine.  This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font.  An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system.Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1028","reference_id":"","reference_type":"","scores":[{"value":"0.09896","scoring_system":"epss","scoring_elements":"0.93128","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1028"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566596","reference_id":"566596","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566596"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085","reference_id":"787085","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028","reference_id":"CVE-2010-1028","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-08","reference_id":"mfsa2010-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1028"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58ej-gc1s-t7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2117?format=json","vulnerability_id":"VCID-58qe-8axq-u3ad","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges.Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1215","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65561","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1215"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615463","reference_id":"615463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215","reference_id":"CVE-2010-1215","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38","reference_id":"mfsa2010-38","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1215"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58qe-8axq-u3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2202?format=json","vulnerability_id":"VCID-5d21-y9nj-cqgm","summary":"Mozilla added the OTS\nfont sanitizing library to prevent downloadable fonts from exposing\nvulnerabilities in the underlying OS font code. This library mitigates\nagainst several issues independently reported by Red Hat Security\nResponse Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3768","reference_id":"","reference_type":"","scores":[{"value":"0.06139","scoring_system":"epss","scoring_elements":"0.90944","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660420","reference_id":"660420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768","reference_id":"CVE-2010-3768","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-78","reference_id":"mfsa2010-78","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-78"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0969","reference_id":"RHSA-2010:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0969"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3768"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d21-y9nj-cqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2295?format=json","vulnerability_id":"VCID-5d9g-kv5g-27d2","summary":"Using the Address Sanitizer tool, security researcher Aki\nHelin from OUSPG found that IDBKeyRange of indexedDB remains in the\nXPConnect hashtable instead of being unlinked before being destroyed. When it is\ndestroyed, this causes a use-after-free, which is potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0469","reference_id":"","reference_type":"","scores":[{"value":"0.17081","scoring_system":"epss","scoring_elements":"0.95105","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815019","reference_id":"815019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469","reference_id":"CVE-2012-0469","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22","reference_id":"mfsa2012-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0469"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d9g-kv5g-27d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=json","vulnerability_id":"VCID-5e33-3pm6-b7e4","summary":"Security researcher Alin Rad Pop of Secunia\nResearch reported that the HTML parser incorrectly freed used memory\nwhen insufficient space was available to process remaining input.\nUnder such circumstances, memory occupied by in-use objects was freed\nand could later be filled with attacker-controlled text.  These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1571","reference_id":"","reference_type":"","scores":[{"value":"0.07108","scoring_system":"epss","scoring_elements":"0.91662","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1571"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566050","reference_id":"566050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566050"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571","reference_id":"CVE-2009-1571","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-03","reference_id":"mfsa2010-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1571"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e33-3pm6-b7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2222?format=json","vulnerability_id":"VCID-5eu6-8wqn-8udn","summary":"Security researchers Nicolas Grégoire and Aki\nHelin independently reported that when processing a malformed\nembedded XSLT stylesheet, Firefox can crash due to a memory corruption.\nWhile there is no evidence that this is directly exploitable, there is\na possibility of remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0449","reference_id":"","reference_type":"","scores":[{"value":"0.03949","scoring_system":"epss","scoring_elements":"0.88544","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0449"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=785966","reference_id":"785966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=785966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449","reference_id":"CVE-2012-0449","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08","reference_id":"mfsa2012-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0449"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5eu6-8wqn-8udn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72000?format=json","vulnerability_id":"VCID-5h1q-1cv5-s3b8","summary":"firefox: information leak due to XSLT","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1712","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56242","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1712"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=697732","reference_id":"697732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=697732"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-1712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h1q-1cv5-s3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2876?format=json","vulnerability_id":"VCID-5jra-q7ve-d3h8","summary":"Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3652","reference_id":"","reference_type":"","scores":[{"value":"0.03926","scoring_system":"epss","scoring_elements":"0.88511","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652","reference_id":"CVE-2011-3652","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48","reference_id":"mfsa2011-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jra-q7ve-d3h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2127?format=json","vulnerability_id":"VCID-5mat-a9vu-nfff","summary":"Google security researcher Robert Swiecki reported\nthat functions used by the Gopher parser to convert text to HTML tags\ncould be exploited to turn text into executable JavaScript.  If an\nattacker could create a file or directory on a Gopher server with the\nencoded script as part of its name the script would then run in a\nvictim's browser within the context of the site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3177","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72828","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642290","reference_id":"642290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177","reference_id":"CVE-2010-3177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68","reference_id":"mfsa2010-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mat-a9vu-nfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2365?format=json","vulnerability_id":"VCID-5ms1-cy9k-2fdb","summary":"Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4191","reference_id":"","reference_type":"","scores":[{"value":"0.01678","scoring_system":"epss","scoring_elements":"0.82475","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4191"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=865286","reference_id":"865286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=865286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191","reference_id":"CVE-2012-4191","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88","reference_id":"mfsa2012-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88"},{"reference_url":"https://usn.ubuntu.com/1608-1/","reference_id":"USN-1608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1608-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4191"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ms1-cy9k-2fdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2292?format=json","vulnerability_id":"VCID-5p1r-wxng-wbaj","summary":"Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4204","reference_id":"","reference_type":"","scores":[{"value":"0.02253","scoring_system":"epss","scoring_elements":"0.84862","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4204"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877624","reference_id":"877624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204","reference_id":"CVE-2012-4204","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96","reference_id":"mfsa2012-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p1r-wxng-wbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2331?format=json","vulnerability_id":"VCID-5ppx-c568-kkc6","summary":"Security researcher Soroush Dalili reported that a\ncombination of invoking full screen mode and navigating backwards in history\ncould, in some circumstances, cause a hang or crash due to a timing dependent\nuse-after-free pointer reference. This crash may be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3988","reference_id":"","reference_type":"","scores":[{"value":"0.0399","scoring_system":"epss","scoring_elements":"0.88604","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863619","reference_id":"863619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988","reference_id":"CVE-2012-3988","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-79","reference_id":"mfsa2012-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ppx-c568-kkc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2362?format=json","vulnerability_id":"VCID-5px5-rt4z-b7fs","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3969","reference_id":"","reference_type":"","scores":[{"value":"0.05074","scoring_system":"epss","scoring_elements":"0.89937","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3969"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922","reference_id":"851922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969","reference_id":"CVE-2012-3969","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63","reference_id":"mfsa2012-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3969"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5px5-rt4z-b7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2872?format=json","vulnerability_id":"VCID-5q44-hdc9-tqb1","summary":"Security researcher Christian Holler reported that\nthe JavaScript engine's internal mapping of string values contained an\nerror in cases where the number of values being stored was above 64K.\nIn such cases an offset pointer was manually moved forwards and\nbackwards to access the larger address space.  If an exception was\nthrown between the time that the offset pointer was moved forward and\nthe time it was reset, then the exception object would be read from an\ninvalid memory address, potentially executing attacker-controlled\nmemory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0056","reference_id":"","reference_type":"","scores":[{"value":"0.09158","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0056"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675092","reference_id":"675092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056","reference_id":"CVE-2011-0056","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-05","reference_id":"mfsa2011-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0056"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q44-hdc9-tqb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=json","vulnerability_id":"VCID-5ua9-4mhs-zkdj","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3981","reference_id":"","reference_type":"","scores":[{"value":"0.04649","scoring_system":"epss","scoring_elements":"0.89464","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3981"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546713","reference_id":"546713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981","reference_id":"CVE-2009-3981","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3981"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ua9-4mhs-zkdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2867?format=json","vulnerability_id":"VCID-5uyz-ue98-kkbt","summary":"Marc Schoenefeld reported a crash when using Firebug\nto profile a JavaScript file with many functions. It may be possible\nto trigger this crash without the use of debugging APIs, and if so\nthis could be exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3650","reference_id":"","reference_type":"","scores":[{"value":"0.01271","scoring_system":"epss","scoring_elements":"0.79829","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3650"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751933","reference_id":"751933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650","reference_id":"CVE-2011-3650","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49","reference_id":"mfsa2011-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1437","reference_id":"RHSA-2011:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1439","reference_id":"RHSA-2011:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1439"},{"reference_url":"https://usn.ubuntu.com/1251-1/","reference_id":"USN-1251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1251-1/"},{"reference_url":"https://usn.ubuntu.com/1254-1/","reference_id":"USN-1254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1254-1/"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3650"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uyz-ue98-kkbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2386?format=json","vulnerability_id":"VCID-5v52-h1rp-13bx","summary":"Firefox prevents the dropping of javascript: links onto a frame\nto prevent malicious sites from tricking users into performing a cross-site\nscripting (XSS) attacks on themselves. Security researcher Soroush\nDalili reported a way to bypass this protection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0455","reference_id":"","reference_type":"","scores":[{"value":"0.01144","scoring_system":"epss","scoring_elements":"0.78748","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803119","reference_id":"803119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455","reference_id":"CVE-2012-0455","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13","reference_id":"mfsa2012-13","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0455"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5v52-h1rp-13bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2796?format=json","vulnerability_id":"VCID-5vwk-nwpu-gfhw","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0062","reference_id":"","reference_type":"","scores":[{"value":"0.08433","scoring_system":"epss","scoring_elements":"0.92462","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675083","reference_id":"675083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675083"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062","reference_id":"CVE-2011-0062","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01","reference_id":"mfsa2011-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0062"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwk-nwpu-gfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2836?format=json","vulnerability_id":"VCID-5x9v-qerc-37gg","summary":"Security researcher Aki Helin reported a crash\nin the YARR regular expression library that could be triggered by\njavascript in web content.\nThe YARR library was not used in older versions of\nthe Mozilla browser engine. This vulnerability does not affect\nFirefox 3.6 or Thunderbird 3.1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3661","reference_id":"","reference_type":"","scores":[{"value":"0.04527","scoring_system":"epss","scoring_elements":"0.89333","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661","reference_id":"CVE-2011-3661","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54","reference_id":"mfsa2011-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3661"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5x9v-qerc-37gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2463?format=json","vulnerability_id":"VCID-5xwh-7b2a-uydt","summary":"Mozilla security researcher moz_bug_r_a4 reported\nvulnerabilities in the session-restore feature by which content could be\ninjected into an incorrect document storage location, including\nstorage locations for other domains.  An attacker could utilize these\nissues to violate the browser's same-origin policy and perform an XSS\nattack while SessionStore data is being restored.moz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5513","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78291","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476289","reference_id":"476289","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513","reference_id":"CVE-2008-5513","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-69","reference_id":"mfsa2008-69","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5513"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xwh-7b2a-uydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2878?format=json","vulnerability_id":"VCID-61aa-8jww-jbb5","summary":"Security researcher Jordi Chancel reported that a\nJPEG image could be constructed that would be decoded incorrectly,\ncausing data to be written past the end of a buffer created to store\nthe image.  An attacker could potentially craft such an image that\nwould cause malicious code to be stored in memory and then later\nexecuted on a victim's computer.Firefox 3.5 was not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0061","reference_id":"","reference_type":"","scores":[{"value":"0.03978","scoring_system":"epss","scoring_elements":"0.88592","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675095","reference_id":"675095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061","reference_id":"CVE-2011-0061","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-09","reference_id":"mfsa2011-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0061"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61aa-8jww-jbb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2210?format=json","vulnerability_id":"VCID-6217-dck9-hqht","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a\nmalicious NodeFilter could be created which would detach\nnodes from the DOM tree while it was being traversed.  The use of a\ndetached and subsequently deleted node could result in the execution\nof attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1209","reference_id":"","reference_type":"","scores":[{"value":"0.02213","scoring_system":"epss","scoring_elements":"0.84732","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615459","reference_id":"615459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209","reference_id":"CVE-2010-1209","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36","reference_id":"mfsa2010-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1209"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6217-dck9-hqht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2814?format=json","vulnerability_id":"VCID-64g4-tpfq-7qf4","summary":"Security researcher Martin Barbella reported that\nunder certain conditions, viewing a XUL document while JavaScript was\ndisabled caused deleted memory to be accessed.  This flaw could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.XUL document support was disabled by default in\nFirefox 4 and SeaMonkey 2.1 and users of those versions are not generally\nat risk. It is possible for add-ons to re-enable the feature for specific\nsites (for example, to support a legacy intranet XUL application) which would\nhave introduced this vulnerability while browsing those sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2373","reference_id":"","reference_type":"","scores":[{"value":"0.03792","scoring_system":"epss","scoring_elements":"0.88273","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2373"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714577","reference_id":"714577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373","reference_id":"CVE-2011-2373","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-20","reference_id":"mfsa2011-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2373"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64g4-tpfq-7qf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=json","vulnerability_id":"VCID-6bkj-wqzq-5bgs","summary":"Security researcher Chris Rohlf of Matasano\nSecurity reported that the implementation of the HTML frameset element\ncontained an integer overflow vulnerability.  The code responsible for\nparsing the frameset columns used an 8-byte counter for the column\nnumbers, so when a very large number of columns was passed in the\ncounter would overflow.  When this counter was subsequently used to\nallocate memory for the frameset, the memory buffer would be too\nsmall, potentially resulting in a heap buffer overflow and execution\nof attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2765","reference_id":"","reference_type":"","scores":[{"value":"0.04021","scoring_system":"epss","scoring_elements":"0.88655","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630056","reference_id":"630056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765","reference_id":"CVE-2010-2765","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-50","reference_id":"mfsa2010-50","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2765"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bkj-wqzq-5bgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2185?format=json","vulnerability_id":"VCID-6chh-16fh-p3a4","summary":"Security researcher O. Andersen reported that\nundefined positions within various 8 bit character encodings are\nmapped to the sequence U+FFFD which when displayed causes the\nimmediately following character to disappear from the text run.  This\ncould potentially contribute to XSS problems on sites which expected\nextra characters to be present within strings being sanitized on the\nserver.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1210","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615474","reference_id":"615474","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210","reference_id":"CVE-2010-1210","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44","reference_id":"mfsa2010-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6chh-16fh-p3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2156?format=json","vulnerability_id":"VCID-6cxk-w6ct-2qcp","summary":"Security researcher Sergey Glazunov reported a\ndangling pointer vulnerability in the implementation\nof navigator.plugins in which the navigator\nobject could retain a pointer to the plugins array even after it had\nbeen destroyed.  An attacker could potentially use this issue to crash\nthe browser and run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2767","reference_id":"","reference_type":"","scores":[{"value":"0.0476","scoring_system":"epss","scoring_elements":"0.89611","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630059","reference_id":"630059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767","reference_id":"CVE-2010-2767","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-51","reference_id":"mfsa2010-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cxk-w6ct-2qcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2225?format=json","vulnerability_id":"VCID-6ewf-t4h5-jyaf","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3967","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6957","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920","reference_id":"851920","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967","reference_id":"CVE-2012-3967","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62","reference_id":"mfsa2012-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3967"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ewf-t4h5-jyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2432?format=json","vulnerability_id":"VCID-6f2s-hecz-2yha","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5501","reference_id":"","reference_type":"","scores":[{"value":"0.04539","scoring_system":"epss","scoring_elements":"0.89346","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476267","reference_id":"476267","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501","reference_id":"CVE-2008-5501","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60","reference_id":"mfsa2008-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5501"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f2s-hecz-2yha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2128?format=json","vulnerability_id":"VCID-6m78-bdd6-vfgw","summary":"Security researcher Gregory Fleischer reported\nthat when a Java LiveConnect script was loaded via\na data: URL which redirects via a meta refresh, then the\nresulting plugin object was created with the wrong security principal\nand thus received elevated privileges such as the abilities to read\nlocal files, launch processes, and create network connections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3775","reference_id":"","reference_type":"","scores":[{"value":"0.03473","scoring_system":"epss","scoring_elements":"0.87752","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660422","reference_id":"660422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775","reference_id":"CVE-2010-3775","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-79","reference_id":"mfsa2010-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3775"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6m78-bdd6-vfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74319?format=json","vulnerability_id":"VCID-6mgf-gnw9-3yeg","summary":"Thunderbird mail crash","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2210","reference_id":"","reference_type":"","scores":[{"value":"0.05533","scoring_system":"epss","scoring_elements":"0.90393","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=507812","reference_id":"507812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=507812"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1134","reference_id":"RHSA-2009:1134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mgf-gnw9-3yeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2652?format=json","vulnerability_id":"VCID-6mxs-cd1d-qkh3","summary":"Web developer Cefn Hoile reported that sites which\nallow users to embed third-party stylesheets are vulnerable to script\ninjection attacks using XBL bindings.  While this behavior was\ndocumented previously, it was determined that this particular risk was\nnot well-understood by some websites.  To mitigate this risk Mozilla\nadded a restriction that requires XBL bindings to come from the same\norigin as the bound document.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1308","reference_id":"","reference_type":"","scores":[{"value":"0.01099","scoring_system":"epss","scoring_elements":"0.78329","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1308"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496266","reference_id":"496266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308","reference_id":"CVE-2009-1308","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-18","reference_id":"mfsa2009-18","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1308"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxs-cd1d-qkh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=json","vulnerability_id":"VCID-6vvv-yczm-pue9","summary":"Dirk Heinrich reported that on Windows platforms\nwhen document.write() was called with a very long string\na buffer overflow was caused in line breaking routines attempting to\nprocess the string for display.  Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3769","reference_id":"","reference_type":"","scores":[{"value":"0.08397","scoring_system":"epss","scoring_elements":"0.92443","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769","reference_id":"CVE-2010-3769","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-75","reference_id":"mfsa2010-75","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vvv-yczm-pue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2275?format=json","vulnerability_id":"VCID-6w8d-f2v4-4bd4","summary":"Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5841","reference_id":"","reference_type":"","scores":[{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76149","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5841"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877628","reference_id":"877628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841","reference_id":"CVE-2012-5841","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100","reference_id":"mfsa2012-100","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5841"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w8d-f2v4-4bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2183?format=json","vulnerability_id":"VCID-72a2-1hry-zqd5","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3776","reference_id":"","reference_type":"","scores":[{"value":"0.03853","scoring_system":"epss","scoring_elements":"0.88399","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660408","reference_id":"660408","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776","reference_id":"CVE-2010-3776","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74","reference_id":"mfsa2010-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0968","reference_id":"RHSA-2010:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0969","reference_id":"RHSA-2010:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0969"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72a2-1hry-zqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2619?format=json","vulnerability_id":"VCID-76dz-7sqa-fqdn","summary":"Microsoft security researchers Shuo\nChen, Ziqing Mao, Yi-Min\nWang, and Ming Zhang reported that when a\nCONNECT request is sent to a proxy server and a non-200 response is\nreturned, then the body of the response is incorrectly rendered\nwithin the context of the request Host: header.  An\nactive network attacker could use this vulnerability to intercept a\nCONNECT request and reply with a non-200 response containing malicious\ncode which would be executed within the context of the victim's\nrequested SSL-protected domain.  Since this attack requires the victim\nto have a proxy configured, the severity of this issue was determined\nto be high.Thunderbird mail messages are not vulnerable to this flaw,\nbut if Thunderbird were being used in a browser-like manner (through Add-ons,\nperhaps) and JavaScript were enabled (not the default setting) then users could\nbe vulnerable to this flaw in older versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1836","reference_id":"","reference_type":"","scores":[{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.84085","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1836"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503578","reference_id":"503578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836","reference_id":"CVE-2009-1836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27","reference_id":"mfsa2009-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76dz-7sqa-fqdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2195?format=json","vulnerability_id":"VCID-76s6-dzts-b7b6","summary":"Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument.  The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext.  The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate.  A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2751","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615480","reference_id":"615480","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751","reference_id":"CVE-2010-2751","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45","reference_id":"mfsa2010-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2751"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76s6-dzts-b7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2314?format=json","vulnerability_id":"VCID-7aj6-mfpj-myb3","summary":"Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4184","reference_id":"","reference_type":"","scores":[{"value":"0.01102","scoring_system":"epss","scoring_elements":"0.78348","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4184"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623","reference_id":"863623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184","reference_id":"CVE-2012-4184","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83","reference_id":"mfsa2012-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4184"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aj6-mfpj-myb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2792?format=json","vulnerability_id":"VCID-7brb-puuf-fya8","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0072","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.8893","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0072"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700622","reference_id":"700622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072","reference_id":"CVE-2011-0072","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0072"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7brb-puuf-fya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2193?format=json","vulnerability_id":"VCID-7dzj-wguk-j3bs","summary":"Morten Kråkvik of Telenor SOC reported an exploit\ntargeting particular versions of Firefox 3.6 on Windows XP that\nTelenor found while investigating an intrusion attempt on a customer\nnetwork. The underlying vulnerability, however, was present on both\nthe Firefox 3.5 and Firefox 3.6 development branches and affected all\nsupported platforms.Reading mail in Thunderbird does not pose a risk to\nusers, however the vulnerability is present and could be triggered in\nRSS feeds if JavaScript is enabled or by an add-on that enables\nbrowser-like functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3765","reference_id":"","reference_type":"","scores":[{"value":"0.86773","scoring_system":"epss","scoring_elements":"0.99439","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3765"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0061","reference_id":"0061","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0061"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html","reference_id":"050061.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html","reference_id":"050077.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html","reference_id":"050154.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html","reference_id":"050233.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114329","reference_id":"100114329","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114329"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114335","reference_id":"100114335","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114335"},{"reference_url":"http://www.norman.com/security_center/virus_description_archive/129146/","reference_id":"129146","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.norman.com/security_center/virus_description_archive/129146/"},{"reference_url":"http://www.norman.com/about_norman/press_center/news_archive/2010/129223/","reference_id":"129223","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.norman.com/about_norman/press_center/news_archive/2010/129223/"},{"reference_url":"http://www.exploit-db.com/exploits/15341","reference_id":"15341","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.exploit-db.com/exploits/15341"},{"reference_url":"http://www.exploit-db.com/exploits/15342","reference_id":"15342","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.exploit-db.com/exploits/15342"},{"reference_url":"http://www.exploit-db.com/exploits/15352","reference_id":"15352","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.exploit-db.com/exploits/15352"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2837","reference_id":"2837","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2837"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2857","reference_id":"2857","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2857"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2864","reference_id":"2864","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2864"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2871","reference_id":"2871","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2871"},{"reference_url":"http://secunia.com/advisories/41761","reference_id":"41761","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41761"},{"reference_url":"http://secunia.com/advisories/41965","reference_id":"41965","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41965"},{"reference_url":"http://secunia.com/advisories/41966","reference_id":"41966","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41966"},{"reference_url":"http://secunia.com/advisories/41969","reference_id":"41969","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41969"},{"reference_url":"http://secunia.com/advisories/41975","reference_id":"41975","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41975"},{"reference_url":"http://secunia.com/advisories/42003","reference_id":"42003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42003"},{"reference_url":"http://secunia.com/advisories/42008","reference_id":"42008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42008"},{"reference_url":"http://secunia.com/advisories/42043","reference_id":"42043","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42043"},{"reference_url":"http://secunia.com/advisories/42867","reference_id":"42867","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42867"},{"reference_url":"http://www.securityfocus.com/bid/44425","reference_id":"44425","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securityfocus.com/bid/44425"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=646997","reference_id":"646997","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=646997"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:213","reference_id":"advisories?name=MDVSA-2010:213","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:213"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:219","reference_id":"advisories?name=MDVSA-2010:219","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:219"},{"reference_url":"http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/","reference_id":"critical-vulnerability-in-firefox-3-5-and-firefox-3-6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765","reference_id":"CVE-2010-3765","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html","reference_id":"CVE-2010-3765;OSVDB-68905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb","reference_id":"CVE-2010-3765;OSVDB-68905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html","reference_id":"CVE-2010-3765;OSVDB-68921","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222","reference_id":"CVE-2010-3765;OSVDB-68921;OSVDB-68905","reference_type":"exploit","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html","reference_id":"CVE-2010-3765;OSVDB-68921;OSVDB-68905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html"},{"reference_url":"http://isc.sans.edu/diary.html?storyid=9817","reference_id":"diary.html?storyid=9817","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://isc.sans.edu/diary.html?storyid=9817"},{"reference_url":"http://www.debian.org/security/2010/dsa-2124","reference_id":"dsa-2124","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.debian.org/security/2010/dsa-2124"},{"reference_url":"http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter","reference_id":"en?utm_source=twitterfeed&utm_medium=twitter","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"http://www.securitytracker.com/id?1024645","reference_id":"id?1024645","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securitytracker.com/id?1024645"},{"reference_url":"http://www.securitytracker.com/id?1024650","reference_id":"id?1024650","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securitytracker.com/id?1024650"},{"reference_url":"http://www.securitytracker.com/id?1024651","reference_id":"id?1024651","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securitytracker.com/id?1024651"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-73","reference_id":"mfsa2010-73","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-73"},{"reference_url":"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html","reference_id":"mfsa2010-73.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"},{"reference_url":"http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox","reference_id":"multiple_vulnerabilities_in_mozilla_firefox","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A12108","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0808","reference_id":"RHSA-2010:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0808"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0808.html","reference_id":"RHSA-2010-0808.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0808.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0809","reference_id":"RHSA-2010:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0809"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0809.html","reference_id":"RHSA-2010-0809.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0809.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0810","reference_id":"RHSA-2010:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0810"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0810.html","reference_id":"RHSA-2010-0810.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0810.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0812","reference_id":"RHSA-2010:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0812"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2010-0812.html","reference_id":"RHSA-2010-0812.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://rhn.redhat.com/errata/RHSA-2010-0812.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0861.html","reference_id":"RHSA-2010-0861.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0861.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0896.html","reference_id":"RHSA-2010-0896.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0896.html"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53","reference_id":"show_bug.cgi?id=607222#c53","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53"},{"reference_url":"http://www.ubuntu.com/usn/usn-1011-1","reference_id":"usn-1011-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.ubuntu.com/usn/usn-1011-1"},{"reference_url":"https://usn.ubuntu.com/1011-1/","reference_id":"USN-1011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1011-1/"},{"reference_url":"https://usn.ubuntu.com/1011-2/","reference_id":"USN-1011-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1011-2/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1011-2","reference_id":"USN-1011-2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.ubuntu.com/usn/USN-1011-2"},{"reference_url":"https://usn.ubuntu.com/1011-3/","reference_id":"USN-1011-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1011-3/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1011-3","reference_id":"USN-1011-3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.ubuntu.com/usn/USN-1011-3"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706","reference_id":"viewer.php?l=slackware-security&y=2010&m=slackware-security.556706","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3765"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dzj-wguk-j3bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2476?format=json","vulnerability_id":"VCID-7hxm-91q8-37de","summary":"An anonymous security researcher reported via TippingPoint's Zero\nDay Initiative that insufficient checks were being performed to test\nwhether the Flash module was properly dynamically unloaded.\nThe researcher demonstrated that a SWF file which dynamically unloads\nitself from an outside JavaScript function can cause the browser to access\na memory address no longer mapped to the Flash module, resulting in a\ncrash.  This crash could be used by an attacker to run arbitrary code\non a victim's computer.Firefox 3 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5013","reference_id":"","reference_type":"","scores":[{"value":"0.2392","scoring_system":"epss","scoring_elements":"0.96119","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470867","reference_id":"470867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013","reference_id":"CVE-2008-5013","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-49","reference_id":"mfsa2008-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxm-91q8-37de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2395?format=json","vulnerability_id":"VCID-7q2k-463k-ryg1","summary":"Security researchers Jordi Chancel and Eddy\nBordi reported that they could short-circuit page loads to show the\naddress of a different site than what is loaded in the window in the addressbar.\nSecurity researcher Chris McGowen independently reported the\nsame flaw, and further demonstrated that this could lead to loading scripts from\nthe attacker's site, leaving users vulnerable to cross-site scripting (XSS)\nattacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0474","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72001","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815024","reference_id":"815024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474","reference_id":"CVE-2012-0474","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27","reference_id":"mfsa2012-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0474"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q2k-463k-ryg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2885?format=json","vulnerability_id":"VCID-7q63-dfrh-wuh3","summary":"Security researcher Mario Heiderich reported that\nHTML-encoded entities were being improperly decoded when displayed\ninside SVG elements.  This could lead to XSS attacks on sites relying\non HTML encoding of user-supplied content.The inline SVG feature was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2369","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49116","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369","reference_id":"CVE-2011-2369","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-27","reference_id":"mfsa2011-27","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-27"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2369"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q63-dfrh-wuh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2273?format=json","vulnerability_id":"VCID-7st2-j9h1-mfdg","summary":"Mozilla developer Johnny Stenback discovered that several\nmethods of a feature used for testing (DOMWindowUtils) are not protected by\nexisting security checks, allowing these methods to be called through script by\nweb pages. This was addressed by adding the existing security checks to these\nmethods.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3986","reference_id":"","reference_type":"","scores":[{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863618","reference_id":"863618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986","reference_id":"CVE-2012-3986","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-77","reference_id":"mfsa2012-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-77"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7st2-j9h1-mfdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2204?format=json","vulnerability_id":"VCID-7vd9-7uht-j3e7","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that XUL <tree> objects could\nbe manipulated such that the setting of certain properties on the\nobject would trigger the removal of the tree from the DOM and cause\ncertain sections of deleted memory to be accessed.  In products based on\nGecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer\nthis memory has been overwritten by a value that will cause an\nunexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5,\nThunderbird 3.0, and SeaMonkey 2.0) and older an attacker could\npotentially use this vulnerability to crash a victim's browser and run\narbitrary code on their computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3168","reference_id":"","reference_type":"","scores":[{"value":"0.05398","scoring_system":"epss","scoring_elements":"0.90265","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3168"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630064","reference_id":"630064","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168","reference_id":"CVE-2010-3168","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-55","reference_id":"mfsa2010-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3168"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vd9-7uht-j3e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2575?format=json","vulnerability_id":"VCID-7vzr-cjqw-c3az","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2462","reference_id":"","reference_type":"","scores":[{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.87715","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512128","reference_id":"512128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462","reference_id":"CVE-2009-2462","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vzr-cjqw-c3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2632?format=json","vulnerability_id":"VCID-7w8b-kkj8-efg1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0353","reference_id":"","reference_type":"","scores":[{"value":"0.0678","scoring_system":"epss","scoring_elements":"0.91448","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0353"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483141","reference_id":"483141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353","reference_id":"CVE-2009-0353","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01","reference_id":"mfsa2009-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0353"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7w8b-kkj8-efg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2626?format=json","vulnerability_id":"VCID-7xf8-83su-tuet","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2664","reference_id":"","reference_type":"","scores":[{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.8682","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618341","reference_id":"1618341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664","reference_id":"CVE-2009-2664","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2664"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xf8-83su-tuet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2850?format=json","vulnerability_id":"VCID-83vx-q5b9-pfax","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2375","reference_id":"","reference_type":"","scores":[{"value":"0.0287","scoring_system":"epss","scoring_elements":"0.86512","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375","reference_id":"CVE-2011-2375","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83vx-q5b9-pfax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2857?format=json","vulnerability_id":"VCID-84n5-7t1b-e3de","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG\nimplementation could result in an out-of-bounds memory access if\nSVG elements were removed during a DOMAttrModified event handler.\nThis vulnerability does not affect products prior to Firefox 8\nand SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if\nusing a browser-like feature that allowed scripts to run; users\nare not at risk while reading mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3658","reference_id":"","reference_type":"","scores":[{"value":"0.75876","scoring_system":"epss","scoring_elements":"0.98934","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3658"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658","reference_id":"CVE-2011-3658","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb","reference_id":"CVE-2011-3658;OSVDB-77953","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-12-056/","reference_id":"CVE-2011-3658;OSVDB-77953","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/ZDI-12-056/"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55","reference_id":"mfsa2011-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3658"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84n5-7t1b-e3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=json","vulnerability_id":"VCID-88qm-sqq1-g3ck","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2376","reference_id":"","reference_type":"","scores":[{"value":"0.02371","scoring_system":"epss","scoring_elements":"0.85213","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376","reference_id":"CVE-2011-2376","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2376"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88qm-sqq1-g3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2229?format=json","vulnerability_id":"VCID-8ajm-cdtz-gbe6","summary":"Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4193","reference_id":"","reference_type":"","scores":[{"value":"0.01406","scoring_system":"epss","scoring_elements":"0.80782","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4193"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=865215","reference_id":"865215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=865215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193","reference_id":"CVE-2012-4193","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89","reference_id":"mfsa2012-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1361","reference_id":"RHSA-2012:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1362","reference_id":"RHSA-2012:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1362"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4193"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ajm-cdtz-gbe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2663?format=json","vulnerability_id":"VCID-8bcy-rzxv-pbcy","summary":"Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a local document's domain was being\ncalculated incorrectly from its URL.  If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer.  Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1835","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81704","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503576","reference_id":"503576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835","reference_id":"CVE-2009-1835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26","reference_id":"mfsa2009-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1835"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bcy-rzxv-pbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2363?format=json","vulnerability_id":"VCID-8c5a-phhj-6kek","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3970","reference_id":"","reference_type":"","scores":[{"value":"0.02745","scoring_system":"epss","scoring_elements":"0.86233","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3970"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922","reference_id":"851922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970","reference_id":"CVE-2012-3970","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63","reference_id":"mfsa2012-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3970"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8c5a-phhj-6kek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2191?format=json","vulnerability_id":"VCID-8dat-6cwu-cbfh","summary":"Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser.  This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0178","reference_id":"","reference_type":"","scores":[{"value":"0.03519","scoring_system":"epss","scoring_elements":"0.87843","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578154","reference_id":"578154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178","reference_id":"CVE-2010-0178","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20","reference_id":"mfsa2010-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0178"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dat-6cwu-cbfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2200?format=json","vulnerability_id":"VCID-8djv-agez-ekdf","summary":"Security researcher Marc Schoenefeld reported that\na specially crafted font could be applied to a document and cause a\ncrash on Mac systems.  The crash showed signs of memory corruption and\npresumably could be used by an attacker to execute arbitrary code on a\nvictim's computer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2770","reference_id":"","reference_type":"","scores":[{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86663","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770","reference_id":"CVE-2010-2770","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-58","reference_id":"mfsa2010-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-58"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2770"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8djv-agez-ekdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2190?format=json","vulnerability_id":"VCID-8f9d-wjv2-8kfj","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0174","reference_id":"","reference_type":"","scores":[{"value":"0.03507","scoring_system":"epss","scoring_elements":"0.87824","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0174"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578147","reference_id":"578147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174","reference_id":"CVE-2010-0174","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16","reference_id":"mfsa2010-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8f9d-wjv2-8kfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88952?format=json","vulnerability_id":"VCID-8gvs-b724-9yfd","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6961","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71187","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6961"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-6961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gvs-b724-9yfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2171?format=json","vulnerability_id":"VCID-8j92-vm1q-kqbk","summary":"Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random().  Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user.  This additional variant is\nidentified as CVE-2010-3171.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5913","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63115","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5913"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=480938","reference_id":"480938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=480938"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913","reference_id":"CVE-2008-5913","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33","reference_id":"mfsa2010-33","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5913"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8j92-vm1q-kqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2231?format=json","vulnerability_id":"VCID-8qn7-4rcc-v7bx","summary":"Security researcher vsemozhetbyt reported that when the\nDOMParser is used to parse text/html data in a Firefox extension, linked\nresources within this HTML data will be loaded. If the data being parsed in the\nextension is untrusted, it could lead to information leakage and can\npotentially be combined with other attacks to become exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3975","reference_id":"","reference_type":"","scores":[{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76332","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851929","reference_id":"851929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975","reference_id":"CVE-2012-3975","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-68","reference_id":"mfsa2012-68","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-68"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3975"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qn7-4rcc-v7bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2627?format=json","vulnerability_id":"VCID-8sxb-49bw-g3fn","summary":"Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way.  This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page.  An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3984","reference_id":"","reference_type":"","scores":[{"value":"0.0205","scoring_system":"epss","scoring_elements":"0.84152","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3984"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546722","reference_id":"546722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984","reference_id":"CVE-2009-3984","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69","reference_id":"mfsa2009-69","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1673","reference_id":"RHSA-2009:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sxb-49bw-g3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2825?format=json","vulnerability_id":"VCID-8x81-ek8m-rbbh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2980","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17825","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980","reference_id":"CVE-2011-2980","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2980"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8x81-ek8m-rbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2290?format=json","vulnerability_id":"VCID-8zph-aky5-aycp","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5838","reference_id":"","reference_type":"","scores":[{"value":"0.01023","scoring_system":"epss","scoring_elements":"0.77552","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877945","reference_id":"877945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838","reference_id":"CVE-2012-5838","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5838"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zph-aky5-aycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2268?format=json","vulnerability_id":"VCID-94h3-jftn-tqg2","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5843","reference_id":"","reference_type":"","scores":[{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81622","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5843"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877613","reference_id":"877613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843","reference_id":"CVE-2012-5843","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91","reference_id":"mfsa2012-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94h3-jftn-tqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2336?format=json","vulnerability_id":"VCID-94xc-pjbs-ckar","summary":"Mozilla community member Ms2ger found an image rendering\nissue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects.\nThis can lead to a crash on a maliciously crafted web page. While there is no\nevidence that this is directly exploitable, there is a possibility of remote\ncode execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0478","reference_id":"","reference_type":"","scores":[{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73509","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815037","reference_id":"815037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478","reference_id":"CVE-2012-0478","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30","reference_id":"mfsa2012-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94xc-pjbs-ckar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2372?format=json","vulnerability_id":"VCID-99nn-nb21-pyaz","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3982","reference_id":"","reference_type":"","scores":[{"value":"0.01275","scoring_system":"epss","scoring_elements":"0.79855","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863614","reference_id":"863614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982","reference_id":"CVE-2012-3982","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-74","reference_id":"mfsa2012-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99nn-nb21-pyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2308?format=json","vulnerability_id":"VCID-9bde-enk3-9kbq","summary":"Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, writes to\nlocation.hash can be used in concert with scripted history\nnavigation to cause a specific website to be loaded into the history object. The\nbaseURI can then be changed to this stored site, allowing an attacker to inject\na script or intercept posted data posted to a location specified with a relative\npath.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3992","reference_id":"","reference_type":"","scores":[{"value":"0.01138","scoring_system":"epss","scoring_elements":"0.78694","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3992"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863624","reference_id":"863624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992","reference_id":"CVE-2012-3992","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-84","reference_id":"mfsa2012-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-84"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3992"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bde-enk3-9kbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2458?format=json","vulnerability_id":"VCID-9d41-nsk6-sufx","summary":"Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to\nstore cookie-like information on a user's computer which could later\nbe read by a website.  This creates a privacy issue for users who have\na non-standard cookie preference and wish to prevent sites from\nsetting cookies on their machine.  Even with cookies turned off, this\nissue could be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions.  Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5505","reference_id":"","reference_type":"","scores":[{"value":"0.00833","scoring_system":"epss","scoring_elements":"0.74898","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5505"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476274","reference_id":"476274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505","reference_id":"CVE-2008-5505","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-63","reference_id":"mfsa2008-63","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5505"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d41-nsk6-sufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=json","vulnerability_id":"VCID-9f3w-zp9z-3yc7","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3982","reference_id":"","reference_type":"","scores":[{"value":"0.08287","scoring_system":"epss","scoring_elements":"0.92369","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982","reference_id":"CVE-2009-3982","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f3w-zp9z-3yc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2815?format=json","vulnerability_id":"VCID-9f45-79mn-3ug8","summary":"Yosuke Hasegawa reported that the Mozilla browser engine\nmishandled invalid sequences in the Shift-JIS encoding. When encountering an\ninvalid pair Mozilla would turn the entire two-byte sequence into a single\nunknown character rather than an unknown character followed by a valid\nsingle-byte character. On some sites attackers may have been able to\nend their input with the first byte of a two byte sequence; when that\ninput was later put into a page context it might cause the following\ndelimiter (such as a double-quote) to be consumed, breaking the format\nof the page.  Depending on the page this could potentially be used to\nsteal data or inject script into the page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3648","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56853","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3648"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751932","reference_id":"751932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648","reference_id":"CVE-2011-3648","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47","reference_id":"mfsa2011-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1437","reference_id":"RHSA-2011:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1438","reference_id":"RHSA-2011:1438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1439","reference_id":"RHSA-2011:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1440","reference_id":"RHSA-2011:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1440"},{"reference_url":"https://usn.ubuntu.com/1251-1/","reference_id":"USN-1251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1251-1/"},{"reference_url":"https://usn.ubuntu.com/1254-1/","reference_id":"USN-1254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1254-1/"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3648"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f45-79mn-3ug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2456?format=json","vulnerability_id":"VCID-9fbv-p14w-quch","summary":"Security researcher Chris Evans reported an error\nin the method used to parse the default namespace in an E4X document.\nThe error was caused by quote characters in the namespace not being\nproperly escaped.  The severity of this issue was determined to be\nlow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5024","reference_id":"","reference_type":"","scores":[{"value":"0.07219","scoring_system":"epss","scoring_elements":"0.91734","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5024"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470902","reference_id":"470902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024","reference_id":"CVE-2008-5024","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-58","reference_id":"mfsa2008-58","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5024"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fbv-p14w-quch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2631?format=json","vulnerability_id":"VCID-9k9z-m4gr-gkc6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0352","reference_id":"","reference_type":"","scores":[{"value":"0.08533","scoring_system":"epss","scoring_elements":"0.92509","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483139","reference_id":"483139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352","reference_id":"CVE-2009-0352","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01","reference_id":"mfsa2009-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0352"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9k9z-m4gr-gkc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2590?format=json","vulnerability_id":"VCID-9km7-m142-abbt","summary":"Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body.  An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3376","reference_id":"","reference_type":"","scores":[{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86853","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530168","reference_id":"530168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376","reference_id":"CVE-2009-3376","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62","reference_id":"mfsa2009-62","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3376"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9km7-m142-abbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2788?format=json","vulnerability_id":"VCID-9qs9-ys17-v3bg","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0074","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.8893","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700617","reference_id":"700617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074","reference_id":"CVE-2011-0074","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0074"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qs9-ys17-v3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2165?format=json","vulnerability_id":"VCID-9ubz-x94a-w3dr","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0167","reference_id":"","reference_type":"","scores":[{"value":"0.27259","scoring_system":"epss","scoring_elements":"0.96485","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576698","reference_id":"576698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167","reference_id":"CVE-2010-0167","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt","reference_id":"CVE-2010-0167;OSVDB-63267","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt"},{"reference_url":"https://www.securityfocus.com/bid/38944/info","reference_id":"CVE-2010-0167;OSVDB-63267","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/38944/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11","reference_id":"mfsa2010-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ubz-x94a-w3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2879?format=json","vulnerability_id":"VCID-9xyn-fzdn-3qen","summary":"Security researcher Zach Hoffman reported that a\nrecursive call to eval() wrapped in\na try/catch statement places the browser into a\ninconsistent state.  Any dialog box opened in this state is displayed\nwithout text and with non-functioning buttons.  Closing the window\ncauses the dialog to evaluate to true.  An attacker could use this\nissue to force a user into accepting any dialog, such as one granting\nelevated privileges to the page presenting the dialog.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0051","reference_id":"","reference_type":"","scores":[{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76695","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675087","reference_id":"675087","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051","reference_id":"CVE-2011-0051","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-02","reference_id":"mfsa2011-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0312","reference_id":"RHSA-2011:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0313","reference_id":"RHSA-2011:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0313"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0051"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyn-fzdn-3qen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2345?format=json","vulnerability_id":"VCID-a1hg-12wv-a7h5","summary":"Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4202","reference_id":"","reference_type":"","scores":[{"value":"0.03493","scoring_system":"epss","scoring_elements":"0.87797","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877615","reference_id":"877615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202","reference_id":"CVE-2012-4202","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92","reference_id":"mfsa2012-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1hg-12wv-a7h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2649?format=json","vulnerability_id":"VCID-a23w-uvk3-d7g8","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3381","reference_id":"","reference_type":"","scores":[{"value":"0.0585","scoring_system":"epss","scoring_elements":"0.9069","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381","reference_id":"CVE-2009-3381","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3381"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a23w-uvk3-d7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2481?format=json","vulnerability_id":"VCID-a28h-p654-8bgm","summary":"Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol.  The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4067","reference_id":"","reference_type":"","scores":[{"value":"0.02059","scoring_system":"epss","scoring_elements":"0.84185","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463246","reference_id":"463246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463246"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067","reference_id":"CVE-2008-4067","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44","reference_id":"mfsa2008-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4067"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a28h-p654-8bgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2186?format=json","vulnerability_id":"VCID-a2pm-eupm-dfaq","summary":"Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content.  This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0182","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80044","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=586580","reference_id":"586580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=586580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182","reference_id":"CVE-2010-0182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24","reference_id":"mfsa2010-24","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2pm-eupm-dfaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2420?format=json","vulnerability_id":"VCID-a59b-rr52-b3hs","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5017","reference_id":"","reference_type":"","scores":[{"value":"0.17422","scoring_system":"epss","scoring_elements":"0.9518","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470883","reference_id":"470883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017","reference_id":"CVE-2008-5017","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52","reference_id":"mfsa2008-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a59b-rr52-b3hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2377?format=json","vulnerability_id":"VCID-a6uw-zff3-n3e6","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1938","reference_id":"","reference_type":"","scores":[{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79623","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938","reference_id":"CVE-2012-1938","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34","reference_id":"mfsa2012-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1938"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6uw-zff3-n3e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2426?format=json","vulnerability_id":"VCID-a85v-byy9-vqf7","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4064","reference_id":"","reference_type":"","scores":[{"value":"0.02287","scoring_system":"epss","scoring_elements":"0.84962","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4064"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463204","reference_id":"463204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064","reference_id":"CVE-2008-4064","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4064"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a85v-byy9-vqf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2315?format=json","vulnerability_id":"VCID-a89m-g6m7-tqbr","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1972","reference_id":"","reference_type":"","scores":[{"value":"0.03305","scoring_system":"epss","scoring_elements":"0.87451","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972","reference_id":"CVE-2012-1972","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1972"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a89m-g6m7-tqbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2662?format=json","vulnerability_id":"VCID-a8hd-tfek-8yfa","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1305","reference_id":"","reference_type":"","scores":[{"value":"0.04708","scoring_system":"epss","scoring_elements":"0.89536","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496256","reference_id":"496256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305","reference_id":"CVE-2009-1305","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1305"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8hd-tfek-8yfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2142?format=json","vulnerability_id":"VCID-a97g-r4rk-sqb3","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1200","reference_id":"","reference_type":"","scores":[{"value":"0.04334","scoring_system":"epss","scoring_elements":"0.89085","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1200"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590804","reference_id":"590804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200","reference_id":"CVE-2010-1200","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1200"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a97g-r4rk-sqb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=json","vulnerability_id":"VCID-a9xv-yc56-c3ca","summary":"Using the Address Sanitizer tool, Mozilla security researcher\nChristoph Diehl discovered two memory corruption issues\ninvolving the Graphite 2 library used in Mozilla products. Both of these issues\ncan cause a potentially exploitable crash. These problems were fixed in the\nGraphite 2 library, which has been updated for Mozilla products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3971","reference_id":"","reference_type":"","scores":[{"value":"0.03136","scoring_system":"epss","scoring_elements":"0.87099","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851923","reference_id":"851923","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971","reference_id":"CVE-2012-3971","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-64","reference_id":"mfsa2012-64","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-64"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3971"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9xv-yc56-c3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2150?format=json","vulnerability_id":"VCID-aa94-6k3c-gua9","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0163","reference_id":"","reference_type":"","scores":[{"value":"0.05442","scoring_system":"epss","scoring_elements":"0.90311","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0163"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576391","reference_id":"576391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163","reference_id":"CVE-2010-0163","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aa94-6k3c-gua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2130?format=json","vulnerability_id":"VCID-aejk-rng6-r3dj","summary":"Mozilla developer Josh Soref of Nokia reported that\ndocuments failed to call certain security checks when attempting to\npreload images.  Although the image content is not available to the page, it\nis possible to specify protocols that are normally not allowed in a web page\nsuch as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something like a\nCross-Site Request Forgery (CSRF) attack against the add-on. Potential severity\nwould depend on the add-ons installed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0168","reference_id":"","reference_type":"","scores":[{"value":"0.12288","scoring_system":"epss","scoring_elements":"0.93978","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168","reference_id":"CVE-2010-0168","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html","reference_id":"CVE-2010-0168;OSVDB-63269","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html"},{"reference_url":"https://www.securityfocus.com/bid/38927/info","reference_id":"CVE-2010-0168;OSVDB-63269","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/38927/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-13","reference_id":"mfsa2010-13","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0168"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aejk-rng6-r3dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2601?format=json","vulnerability_id":"VCID-af65-mt6s-m7gm","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3071","reference_id":"","reference_type":"","scores":[{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.87139","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521687","reference_id":"521687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071","reference_id":"CVE-2009-3071","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-af65-mt6s-m7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74261?format=json","vulnerability_id":"VCID-ag3v-an3r-dkhn","summary":"firefox 3.5 various flaws","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2479","reference_id":"","reference_type":"","scores":[{"value":"0.11193","scoring_system":"epss","scoring_elements":"0.93616","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228","reference_id":"511228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html","reference_id":"OSVDB-55931;CVE-2009-2479","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2479"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ag3v-an3r-dkhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2337?format=json","vulnerability_id":"VCID-aj7f-gyqy-c7d2","summary":"Security researcher Collin Jackson reported a violation of\nthe HTML5 specifications for document.domain behavior. Specified\nbehavior requires pages to only have access to windows in a new\ndocument.domain but the observed violation allowed pages to retain\naccess to windows from the page's initial origin in addition to the new\ndocument.domain. This could potentially lead to cross-site\nscripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3985","reference_id":"","reference_type":"","scores":[{"value":"0.00924","scoring_system":"epss","scoring_elements":"0.76347","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3985"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863617","reference_id":"863617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985","reference_id":"CVE-2012-3985","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-76","reference_id":"mfsa2012-76","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-76"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aj7f-gyqy-c7d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2360?format=json","vulnerability_id":"VCID-an8x-4b2f-cket","summary":"Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4201","reference_id":"","reference_type":"","scores":[{"value":"0.01959","scoring_system":"epss","scoring_elements":"0.83793","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877616","reference_id":"877616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201","reference_id":"CVE-2012-4201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93","reference_id":"mfsa2012-93","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an8x-4b2f-cket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2309?format=json","vulnerability_id":"VCID-and6-s8wt-rkfc","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. This can cause a crash during decoding and has\nthe potential for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0444","reference_id":"","reference_type":"","scores":[{"value":"0.08973","scoring_system":"epss","scoring_elements":"0.92732","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197","reference_id":"664197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196","reference_id":"669196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=786026","reference_id":"786026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=786026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444","reference_id":"CVE-2012-0444","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07","reference_id":"mfsa2012-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0136","reference_id":"RHSA-2012:0136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0136"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"},{"reference_url":"https://usn.ubuntu.com/1370-1/","reference_id":"USN-1370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1370-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-and6-s8wt-rkfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2367?format=json","vulnerability_id":"VCID-ane4-965q-wfh8","summary":"Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. \nAdditional vulnerable DLL file names were found and fixed in Firefox 18.0, Firefox ESR 17.0.1, and Firefox ESR 10.0.12 releases.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4206","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37402","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206","reference_id":"CVE-2012-4206","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98","reference_id":"mfsa2012-98","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ane4-965q-wfh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2473?format=json","vulnerability_id":"VCID-ap5q-gg9g-43fb","summary":"Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu.  The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on.  This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3837","reference_id":"","reference_type":"","scores":[{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.88092","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463189","reference_id":"463189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837","reference_id":"CVE-2008-3837","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-40","reference_id":"mfsa2008-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-3837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ap5q-gg9g-43fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88949?format=json","vulnerability_id":"VCID-arxf-63u9-bbhw","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2671","reference_id":"","reference_type":"","scores":[{"value":"0.06763","scoring_system":"epss","scoring_elements":"0.91438","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2671"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html","reference_id":"CVE-2007-2671;OSVDB-35700","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html"},{"reference_url":"https://www.securityfocus.com/bid/23747/info","reference_id":"CVE-2007-2671;OSVDB-35700","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23747/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2007-2671"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arxf-63u9-bbhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2817?format=json","vulnerability_id":"VCID-asue-vdvw-47b4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2982","reference_id":"","reference_type":"","scores":[{"value":"0.02496","scoring_system":"epss","scoring_elements":"0.85566","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730518","reference_id":"730518","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982","reference_id":"CVE-2011-2982","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1165","reference_id":"RHSA-2011:1165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1166","reference_id":"RHSA-2011:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1167","reference_id":"RHSA-2011:1167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1167"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-asue-vdvw-47b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2266?format=json","vulnerability_id":"VCID-atd3-6j8b-4ygt","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4188","reference_id":"","reference_type":"","scores":[{"value":"0.52507","scoring_system":"epss","scoring_elements":"0.97981","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4188"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188","reference_id":"CVE-2012-4188","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4188"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atd3-6j8b-4ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2264?format=json","vulnerability_id":"VCID-atww-ctz6-23fg","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4186","reference_id":"","reference_type":"","scores":[{"value":"0.52507","scoring_system":"epss","scoring_elements":"0.97981","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186","reference_id":"CVE-2012-4186","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4186"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atww-ctz6-23fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2648?format=json","vulnerability_id":"VCID-auq4-xkn6-3fc9","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3380","reference_id":"","reference_type":"","scores":[{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.8804","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3380"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530567","reference_id":"530567","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380","reference_id":"CVE-2009-3380","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3380"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auq4-xkn6-3fc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2599?format=json","vulnerability_id":"VCID-avuv-znfu-wff5","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3069","reference_id":"","reference_type":"","scores":[{"value":"0.05238","scoring_system":"epss","scoring_elements":"0.90108","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521684","reference_id":"521684","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069","reference_id":"CVE-2009-3069","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avuv-znfu-wff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2404?format=json","vulnerability_id":"VCID-awgw-xs6s-pufr","summary":"Mozilla developer Boris Zbarsky reported that XBL\n   bindings could be used to read data from other domains, a violation\n   of the same-origin policy.  The severity of this issue was determined\n   to be moderate due to several mitigating factors:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5503","reference_id":"","reference_type":"","scores":[{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79504","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5503"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476272","reference_id":"476272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503","reference_id":"CVE-2008-5503","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-61","reference_id":"mfsa2008-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5503"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awgw-xs6s-pufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2368?format=json","vulnerability_id":"VCID-ax4n-ycz1-2kfk","summary":"Security Researcher Matt McCutchen reported that a\nclickjacking attack using the certificate warning page. A man-in-the-middle\n(MITM) attacker can use an iframe to display its own certificate error warning\npage (about:certerror) with the \"Add Exception\" button of a real warning page\nfrom a malicious site. This can mislead users to adding a certificate exception\nfor a different site than the perceived one. This can lead to compromised\ncommunications with the user perceived site through the MITM attack once the\ncertificate exception has been added.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1964","reference_id":"","reference_type":"","scores":[{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76022","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840222","reference_id":"840222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964","reference_id":"CVE-2012-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54","reference_id":"mfsa2012-54","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1964"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax4n-ycz1-2kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2197?format=json","vulnerability_id":"VCID-aykv-pwdn-rkb6","summary":"Mozilla developers identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0159","reference_id":"","reference_type":"","scores":[{"value":"0.02476","scoring_system":"epss","scoring_elements":"0.85525","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566047","reference_id":"566047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159","reference_id":"CVE-2010-0159","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-01","reference_id":"mfsa2010-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0159"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aykv-pwdn-rkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2887?format=json","vulnerability_id":"VCID-azf5-cjq7-6uc1","summary":"Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3002","reference_id":"","reference_type":"","scores":[{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81939","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002","reference_id":"CVE-2011-3002","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41","reference_id":"mfsa2011-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3002"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azf5-cjq7-6uc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2642?format=json","vulnerability_id":"VCID-azu7-x774-kfdz","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0771","reference_id":"","reference_type":"","scores":[{"value":"0.07679","scoring_system":"epss","scoring_elements":"0.92024","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488272","reference_id":"488272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771","reference_id":"CVE-2009-0771","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0771"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azu7-x774-kfdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2581?format=json","vulnerability_id":"VCID-b31y-7bzb-9ufb","summary":"Security researcher Jeremy Brown reported that the\nfile naming scheme used for downloading a file which already exists in\nthe downloads folder is predictable.  If an attacker had local access\nto a victim's computer and knew the name of a file the victim intended\nto open through the Download Manager, he could use this vulnerability\nto place a malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it.  Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3274","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3376","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=524815","reference_id":"524815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=524815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274","reference_id":"CVE-2009-3274","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53","reference_id":"mfsa2009-53","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3274"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b31y-7bzb-9ufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2217?format=json","vulnerability_id":"VCID-b3p1-qqys-9udq","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0443","reference_id":"","reference_type":"","scores":[{"value":"0.0276","scoring_system":"epss","scoring_elements":"0.8626","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443","reference_id":"CVE-2012-0443","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01","reference_id":"mfsa2012-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0443"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3p1-qqys-9udq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2364?format=json","vulnerability_id":"VCID-b7t8-kqn7-jfcm","summary":"Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4190","reference_id":"","reference_type":"","scores":[{"value":"0.08531","scoring_system":"epss","scoring_elements":"0.92508","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=872753","reference_id":"872753","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=872753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190","reference_id":"CVE-2012-4190","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88","reference_id":"mfsa2012-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7t8-kqn7-jfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2333?format=json","vulnerability_id":"VCID-bb7c-gufb-ybat","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1970","reference_id":"","reference_type":"","scores":[{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.75549","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1970"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851909","reference_id":"851909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970","reference_id":"CVE-2012-1970","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57","reference_id":"mfsa2012-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1970"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb7c-gufb-ybat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2287?format=json","vulnerability_id":"VCID-bc4u-zpu7-bbgx","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5830","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75362","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635","reference_id":"877635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830","reference_id":"CVE-2012-5830","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5830"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bc4u-zpu7-bbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2854?format=json","vulnerability_id":"VCID-bcbh-azrk-fqe7","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.These vulnerabilities did not affect the older browser engine used\nprior to Firefox 4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3660","reference_id":"","reference_type":"","scores":[{"value":"0.0394","scoring_system":"epss","scoring_elements":"0.88535","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3660"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660","reference_id":"CVE-2011-3660","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53","reference_id":"mfsa2011-53","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3660"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bcbh-azrk-fqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2609?format=json","vulnerability_id":"VCID-bdw1-fw83-q7ac","summary":"Security researcher Guido Landi discovered that a\nXSL stylesheet could be used to crash the browser during a XSL\ntransformation.  An attacker could potentially use this crash to run\narbitrary code on a victim's computer.This vulnerability was also previously reported as a stability\nproblem by Ubuntu community member, Andre.  Ubuntu\ncommunity member Michael Rooney reported Andre's\nfindings to Mozilla, and Mozilla community member Martin\nhelped reduce Andre's original testcase and contributed a patch to fix\nthe vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1169","reference_id":"","reference_type":"","scores":[{"value":"0.37495","scoring_system":"epss","scoring_elements":"0.9726","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=492211","reference_id":"492211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=492211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169","reference_id":"CVE-2009-1169","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-12","reference_id":"mfsa2009-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-12"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt","reference_id":"OSVDB-53079;CVE-2009-1169","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0397","reference_id":"RHSA-2009:0397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0398","reference_id":"RHSA-2009:0398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0398"},{"reference_url":"https://usn.ubuntu.com/745-1/","reference_id":"USN-745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdw1-fw83-q7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2835?format=json","vulnerability_id":"VCID-beyj-rs2t-8kgv","summary":"Mozilla security researcher moz_bug_r_a4 reported that\nan internal privilege check failed to respect the NoWaiverWrappers introduced\nwith Firefox 4. This could result in elevated privilege being granted to web content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3655","reference_id":"","reference_type":"","scores":[{"value":"0.00939","scoring_system":"epss","scoring_elements":"0.76544","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655","reference_id":"CVE-2011-3655","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-52","reference_id":"mfsa2011-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-52"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3655"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-beyj-rs2t-8kgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=json","vulnerability_id":"VCID-bez8-mm4d-pqf3","summary":"Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random().  Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user.  This additional variant is\nidentified as CVE-2010-3171.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3171","reference_id":"","reference_type":"","scores":[{"value":"0.08698","scoring_system":"epss","scoring_elements":"0.92607","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171","reference_id":"CVE-2010-3171","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c","reference_id":"CVE-2010-3171;OSVDB-53341","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c"},{"reference_url":"https://www.securityfocus.com/bid/43222/info","reference_id":"CVE-2010-3171;OSVDB-53341","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/43222/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33","reference_id":"mfsa2010-33","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3171"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bez8-mm4d-pqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2664?format=json","vulnerability_id":"VCID-bf3g-e7fs-t3g4","summary":"Bjoern Hoehrmann and security researcher Moxie\nMarlinspike independently reported\nthat Unicode box drawing characters were allowed in Internationalized\nDomain Names (IDN) where they could be visually confused with\npunctuation used in valid web addresses.  This could be combined with\na phishing-type scam to trick a victim into thinking they were on a\ndifferent website than they actually were.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0652","reference_id":"","reference_type":"","scores":[{"value":"0.02133","scoring_system":"epss","scoring_elements":"0.84459","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=486704","reference_id":"486704","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=486704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652","reference_id":"CVE-2009-0652","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-15","reference_id":"mfsa2009-15","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bf3g-e7fs-t3g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2181?format=json","vulnerability_id":"VCID-bgku-whvs-rkdg","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the fix\nfor CVE-2010-0179\ncould be circumvented permitting the execution of arbitrary JavaScript\nwith chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3773","reference_id":"","reference_type":"","scores":[{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77786","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660435","reference_id":"660435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773","reference_id":"CVE-2010-3773","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82","reference_id":"mfsa2010-82","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3773"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgku-whvs-rkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2597?format=json","vulnerability_id":"VCID-bhha-rf3c-dkdn","summary":"Mozilla security researcher Georgi Guninski\nreported that a website could use nsIRDFService and a\ncross-domain redirect to steal arbitrary XML data from another domain,\na violation of the same-origin policy.  This vulnerability could be\nused by a malicious website to steal private data from users\nauthenticated to the redirected website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0776","reference_id":"","reference_type":"","scores":[{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75427","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488290","reference_id":"488290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776","reference_id":"CVE-2009-0776","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-09","reference_id":"mfsa2009-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"},{"reference_url":"https://usn.ubuntu.com/728-2/","reference_id":"USN-728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-2/"},{"reference_url":"https://usn.ubuntu.com/728-3/","reference_id":"USN-728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-3/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhha-rf3c-dkdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2212?format=json","vulnerability_id":"VCID-bhv2-kaa4-u3hr","summary":"A memory corruption flaw leading to code execution was reported by\nsecurity researcher Nils of MWR InfoSecurity during the\n2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative.\nBy moving DOM nodes between documents Nils found a case where the moved\nnode incorrectly retained its old scope. If garbage collection could\nbe triggered at the right time then Firefox would later use this freed\nobject.The contest winning exploit only affects Firefox 3.6\nand not earlier versions.Updated (June 22, 2010):  Firefox 3.5, SeaMonkey 2.0, and\nThunderbird 3.0 based on earlier versions of the browser\nengine were patched just in case there\nis an alternate way of triggering the underlying flaw.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1121","reference_id":"","reference_type":"","scores":[{"value":"0.0465","scoring_system":"epss","scoring_elements":"0.89465","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=577029","reference_id":"577029","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=577029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121","reference_id":"CVE-2010-1121","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-25","reference_id":"mfsa2010-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhv2-kaa4-u3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2136?format=json","vulnerability_id":"VCID-bkqh-bg7u-mug1","summary":"Microsoft Vulnerability Research reported that two\nplugin instances could interact in a way in which one plugin gets a\nreference to an object owned by a second plugin and continues to hold\nthat reference after the second plugin is unloaded and its object is\ndestroyed.  In these cases, the first plugin would contain a pointer\nto freed memory which, if accessed, could be used by an attacker to\nexecute arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1198","reference_id":"","reference_type":"","scores":[{"value":"0.05287","scoring_system":"epss","scoring_elements":"0.90154","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1198"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590828","reference_id":"590828","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198","reference_id":"CVE-2010-1198","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-28","reference_id":"mfsa2010-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1198"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqh-bg7u-mug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2339?format=json","vulnerability_id":"VCID-bmcs-22gj-nbeq","summary":"Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. This crash may be potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3966","reference_id":"","reference_type":"","scores":[{"value":"0.03664","scoring_system":"epss","scoring_elements":"0.88084","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851918","reference_id":"851918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966","reference_id":"CVE-2012-3966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-61","reference_id":"mfsa2012-61","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmcs-22gj-nbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2344?format=json","vulnerability_id":"VCID-bqd9-snzc-b7fj","summary":"An integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. This leads to a\ncrash, which may be potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3026","reference_id":"","reference_type":"","scores":[{"value":"0.43757","scoring_system":"epss","scoring_elements":"0.97586","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=790737","reference_id":"790737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=790737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026","reference_id":"CVE-2011-3026","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11","reference_id":"mfsa2012-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0140","reference_id":"RHSA-2012:0140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0141","reference_id":"RHSA-2012:0141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0142","reference_id":"RHSA-2012:0142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0143","reference_id":"RHSA-2012:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0317","reference_id":"RHSA-2012:0317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0317"},{"reference_url":"https://usn.ubuntu.com/1367-1/","reference_id":"USN-1367-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-1/"},{"reference_url":"https://usn.ubuntu.com/1367-2/","reference_id":"USN-1367-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-2/"},{"reference_url":"https://usn.ubuntu.com/1367-3/","reference_id":"USN-1367-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-3/"},{"reference_url":"https://usn.ubuntu.com/1367-4/","reference_id":"USN-1367-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqd9-snzc-b7fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2578?format=json","vulnerability_id":"VCID-brj2-m46s-5yb8","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2466","reference_id":"","reference_type":"","scores":[{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90662","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512136","reference_id":"512136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466","reference_id":"CVE-2009-2466","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2466"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brj2-m46s-5yb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2343?format=json","vulnerability_id":"VCID-bs5a-44n6-tug1","summary":"Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4210","reference_id":"","reference_type":"","scores":[{"value":"0.03834","scoring_system":"epss","scoring_elements":"0.88353","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877633","reference_id":"877633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210","reference_id":"CVE-2012-4210","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104","reference_id":"mfsa2012-104","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bs5a-44n6-tug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80811?format=json","vulnerability_id":"VCID-bt4y-zzfb-3kbc","summary":"Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2044","reference_id":"","reference_type":"","scores":[{"value":"0.05951","scoring_system":"epss","scoring_elements":"0.90784","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html","reference_id":"CVE-2009-2044;OSVDB-56471","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html"},{"reference_url":"https://www.securityfocus.com/bid/35280/info","reference_id":"CVE-2009-2044;OSVDB-56471","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35280/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bt4y-zzfb-3kbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2787?format=json","vulnerability_id":"VCID-bv7y-5uve-5ffk","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0080","reference_id":"","reference_type":"","scores":[{"value":"0.02514","scoring_system":"epss","scoring_elements":"0.8564","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0080"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700677","reference_id":"700677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700677"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080","reference_id":"CVE-2011-0080","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0080"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bv7y-5uve-5ffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2300?format=json","vulnerability_id":"VCID-bvph-4hqk-u3ah","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5840","reference_id":"","reference_type":"","scores":[{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840","reference_id":"CVE-2012-5840","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5840"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvph-4hqk-u3ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2888?format=json","vulnerability_id":"VCID-bw9h-t8jr-zfac","summary":"Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3003","reference_id":"","reference_type":"","scores":[{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81504","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003","reference_id":"CVE-2011-3003","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41","reference_id":"mfsa2011-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3003"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw9h-t8jr-zfac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2621?format=json","vulnerability_id":"VCID-c141-m4yb-zkf3","summary":"Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property.  Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3986","reference_id":"","reference_type":"","scores":[{"value":"0.01982","scoring_system":"epss","scoring_elements":"0.83867","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546724","reference_id":"546724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986","reference_id":"CVE-2009-3986","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-70","reference_id":"mfsa2009-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c141-m4yb-zkf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2323?format=json","vulnerability_id":"VCID-c3mx-m2ka-s7fm","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3959","reference_id":"","reference_type":"","scores":[{"value":"0.03932","scoring_system":"epss","scoring_elements":"0.88521","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3959"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959","reference_id":"CVE-2012-3959","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3959"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3mx-m2ka-s7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2644?format=json","vulnerability_id":"VCID-c6uk-gmwa-87e8","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0773","reference_id":"","reference_type":"","scores":[{"value":"0.09167","scoring_system":"epss","scoring_elements":"0.92818","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488276","reference_id":"488276","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773","reference_id":"CVE-2009-0773","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0773"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6uk-gmwa-87e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=json","vulnerability_id":"VCID-c7cm-h81n-6fhj","summary":"Security researcher Martin Barbella reported via\nTippingPoint's Zero Day Initiative that an XSLT node sorting routine\ncontained an integer overflow vulnerability.  In cases where one of\nthe nodes to be sorted contained a very large text value, the integer\nused to allocate a memory buffer to store its value would overflow,\nresulting in too small a buffer being created.  An attacker could use\nthis vulnerability to write data past the end of the buffer, causing\nthe browser to crash and potentially running arbitrary code on a\nvictim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1199","reference_id":"","reference_type":"","scores":[{"value":"0.42703","scoring_system":"epss","scoring_elements":"0.97535","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590833","reference_id":"590833","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199","reference_id":"CVE-2010-1199","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py","reference_id":"CVE-2010-1199","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt","reference_id":"CVE-2010-1199;OSVDB-65744","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt"},{"reference_url":"https://www.securityfocus.com/bid/41082/info","reference_id":"CVE-2010-1199;OSVDB-65744","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/41082/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-30","reference_id":"mfsa2010-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7cm-h81n-6fhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=json","vulnerability_id":"VCID-c81m-9s68-zbgx","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3176","reference_id":"","reference_type":"","scores":[{"value":"0.03853","scoring_system":"epss","scoring_elements":"0.88399","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642272","reference_id":"642272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176","reference_id":"CVE-2010-3176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3176"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c81m-9s68-zbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2205?format=json","vulnerability_id":"VCID-cats-tmkd-pbf3","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3169","reference_id":"","reference_type":"","scores":[{"value":"0.03233","scoring_system":"epss","scoring_elements":"0.87292","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630055","reference_id":"630055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169","reference_id":"CVE-2010-3169","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49","reference_id":"mfsa2010-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cats-tmkd-pbf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2594?format=json","vulnerability_id":"VCID-cb3n-ay7x-aff4","summary":"Security researcher Takehiro Takahashi of the IBM\nX-Force reported that Mozilla's NTLM implementation was vulnerable to\nreflection attacks in which NTLM credentials from one application\ncould be forwarded to another arbitrary application via the browser.\nIf an attacker could get a user to visit a web page he controlled he\ncould force NTLM authenticated requests to be forwarded to another\napplication on behalf of the user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3983","reference_id":"","reference_type":"","scores":[{"value":"0.00664","scoring_system":"epss","scoring_elements":"0.71528","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546720","reference_id":"546720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983","reference_id":"CVE-2009-3983","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-68","reference_id":"mfsa2009-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1673","reference_id":"RHSA-2009:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cb3n-ay7x-aff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2464?format=json","vulnerability_id":"VCID-cd4g-54yc-bqhd","summary":"Perl developer Chip Salzenberg reported that\ncertain control characters, when placed at the beginning of a URL,\nwould lead to incorrect parsing resulting in a malformed URL being\noutput by the parser.  IBM researchers Justin Schuh,\nTom Cross, and Peter William also\nreported a related symptom as part of their research that resulted in\nMFSA 2008-37.\n\nThere was no direct security impact from this issue and its effect\nwas limited to the improper rendering of hyperlinks containing\nspecific characters.  The severity of this issue was determined to be\nlow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5508","reference_id":"","reference_type":"","scores":[{"value":"0.02182","scoring_system":"epss","scoring_elements":"0.8463","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5508"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476281","reference_id":"476281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508","reference_id":"CVE-2008-5508","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-66","reference_id":"mfsa2008-66","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cd4g-54yc-bqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2789?format=json","vulnerability_id":"VCID-cfnb-jsaa-a3g2","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0075","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.88824","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700615","reference_id":"700615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075","reference_id":"CVE-2011-0075","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0075"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfnb-jsaa-a3g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2151?format=json","vulnerability_id":"VCID-chve-znmf-w7at","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3075","reference_id":"","reference_type":"","scores":[{"value":"0.06395","scoring_system":"epss","scoring_elements":"0.91162","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521691","reference_id":"521691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075","reference_id":"CVE-2009-3075","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3075"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chve-znmf-w7at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2317?format=json","vulnerability_id":"VCID-ckwu-zacg-d3bj","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1974","reference_id":"","reference_type":"","scores":[{"value":"0.03305","scoring_system":"epss","scoring_elements":"0.87451","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1974"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974","reference_id":"CVE-2012-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1974"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ckwu-zacg-d3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2450?format=json","vulnerability_id":"VCID-ct5t-awyq-8udv","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5511","reference_id":"","reference_type":"","scores":[{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77475","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5511"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476285","reference_id":"476285","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511","reference_id":"CVE-2008-5511","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68","reference_id":"mfsa2008-68","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5511"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct5t-awyq-8udv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2647?format=json","vulnerability_id":"VCID-ctgf-gs1u-wygc","summary":"An anonymous researcher, via TippingPoint's Zero Day Initiative\nprogram, reported a vulnerability in Mozilla's garbage collection\nprocess.  The vulnerability was caused by improper memory management\nof a set of cloned XUL DOM elements which were linked as a parent and\nchild.  After reloading the browser on a page with such linked\nelements, the browser would crash when attempting to access an object\nwhich was already destroyed.  An attacker could use this crash to run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0775","reference_id":"","reference_type":"","scores":[{"value":"0.06585","scoring_system":"epss","scoring_elements":"0.91304","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488287","reference_id":"488287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775","reference_id":"CVE-2009-0775","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-08","reference_id":"mfsa2009-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0775"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctgf-gs1u-wygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2576?format=json","vulnerability_id":"VCID-cv76-zkt8-87e3","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2464","reference_id":"","reference_type":"","scores":[{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.95225","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512133","reference_id":"512133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464","reference_id":"CVE-2009-2464","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt","reference_id":"CVE-2009-2464;OSVDB-56229","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt"},{"reference_url":"https://www.securityfocus.com/bid/35775/info","reference_id":"CVE-2009-2464;OSVDB-56229","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35775/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2464"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv76-zkt8-87e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2806?format=json","vulnerability_id":"VCID-cyed-u483-qbg3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2988","reference_id":"","reference_type":"","scores":[{"value":"0.06165","scoring_system":"epss","scoring_elements":"0.90963","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988","reference_id":"CVE-2011-2988","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyed-u483-qbg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88961?format=json","vulnerability_id":"VCID-czbz-3q9u-e3dy","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czbz-3q9u-e3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2828?format=json","vulnerability_id":"VCID-d18j-gp7z-kyfd","summary":"Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2372","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62765","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741917","reference_id":"741917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372","reference_id":"CVE-2011-2372","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40","reference_id":"mfsa2011-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2372"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d18j-gp7z-kyfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2650?format=json","vulnerability_id":"VCID-d2bp-jqx3-9kb3","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3382","reference_id":"","reference_type":"","scores":[{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94852","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530569","reference_id":"530569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382","reference_id":"CVE-2009-3382","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html","reference_id":"CVE-2009-3382;OSVDB-59384","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html"},{"reference_url":"https://www.securityfocus.com/bid/36866/info","reference_id":"CVE-2009-3382;OSVDB-59384","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36866/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3382"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d2bp-jqx3-9kb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2433?format=json","vulnerability_id":"VCID-d964-8bnu-7qdb","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5502","reference_id":"","reference_type":"","scores":[{"value":"0.03767","scoring_system":"epss","scoring_elements":"0.88236","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5502"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476269","reference_id":"476269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502","reference_id":"CVE-2008-5502","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60","reference_id":"mfsa2008-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5502"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d964-8bnu-7qdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88953?format=json","vulnerability_id":"VCID-d9m2-xqje-s7am","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1828","reference_id":"","reference_type":"","scores":[{"value":"0.15887","scoring_system":"epss","scoring_elements":"0.94859","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1828"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html","reference_id":"OSVDB-56406;CVE-2009-1828","reference_type":"exploit","scores":[],"url":"http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt","reference_id":"OSVDB-56406;CVE-2009-1828","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1828"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9m2-xqje-s7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2635?format=json","vulnerability_id":"VCID-d9xx-kdwq-6fgg","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3979","reference_id":"","reference_type":"","scores":[{"value":"0.05076","scoring_system":"epss","scoring_elements":"0.89939","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546694","reference_id":"546694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979","reference_id":"CVE-2009-3979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1673","reference_id":"RHSA-2009:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3979"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9xx-kdwq-6fgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2668?format=json","vulnerability_id":"VCID-dcjk-caxq-a3g3","summary":"Security researcher Orlando Berrera of Sec Theory\nreported that recursive creation of JavaScript web-workers can be used\nto create a set of objects whose memory could be freed prior to their\nuse.  These conditions often result in a crash which could potentially\nbe used by an attacker to run arbitrary code on a victim's\ncomputer.Web Workers were introduced in Firefox 3.5 so this\nvulnerability did not affect earlier releases such as Firefox 3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3371","reference_id":"","reference_type":"","scores":[{"value":"0.02682","scoring_system":"epss","scoring_elements":"0.86092","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371","reference_id":"CVE-2009-3371","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54","reference_id":"mfsa2009-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3371"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcjk-caxq-a3g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2167?format=json","vulnerability_id":"VCID-depk-81ux-wua9","summary":"Security researcher Nils of MWR InfoSecurity\nreported that the routine for setting the text value for certain types\nof DOM nodes contained an integer overflow vulnerability.  When a very\nlong string was passed to this routine, the integer value used in\ncreating a new memory buffer to hold the string would overflow,\nresulting in too small a buffer being allocated.  An attacker could\nuse this vulnerability to write data past the end of the buffer,\ncausing a crash and potentially running arbitrary code on a victim's\ncomputer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1196","reference_id":"","reference_type":"","scores":[{"value":"0.05226","scoring_system":"epss","scoring_elements":"0.90094","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590830","reference_id":"590830","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196","reference_id":"CVE-2010-1196","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-29","reference_id":"mfsa2010-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1196"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-depk-81ux-wua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2855?format=json","vulnerability_id":"VCID-desa-fpt9-8qaa","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a method used\nby JSON.stringify contained a use-after-free error in\nwhich a currently in-use pointer was freed and subsequently\ndereferenced.  This could lead to arbitrary code execution if an\nattacker was able to store malicious code in the freed section of\nmemory.Mozilla developer Igor Bukanov also independently\ndiscovered and reported this issue two weeks after the initial\nreport was received.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0055","reference_id":"","reference_type":"","scores":[{"value":"0.03375","scoring_system":"epss","scoring_elements":"0.87577","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0055"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675090","reference_id":"675090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055","reference_id":"CVE-2011-0055","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-03","reference_id":"mfsa2011-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0055"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-desa-fpt9-8qaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2340?format=json","vulnerability_id":"VCID-dfx3-vhn9-fkbh","summary":"Security researcher Bill Keese reported a memory corruption.\nThis is caused by JSDependentString::undepend changing a dependent string into a\nfixed string when there are additional dependent strings relying on the same\nbase. When the undepend occurs during conversion, the base data is freed,\nleaving other dependent strings with dangling pointers. This can lead to a\npotentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1962","reference_id":"","reference_type":"","scores":[{"value":"0.03397","scoring_system":"epss","scoring_elements":"0.87612","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840215","reference_id":"840215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962","reference_id":"CVE-2012-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52","reference_id":"mfsa2012-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1962"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfx3-vhn9-fkbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2883?format=json","vulnerability_id":"VCID-dk9z-4a47-67g9","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat it was possible for a non-whitelisted site to trigger an install\ndialog for add-ons and themes.This vulnerability was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2370","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54353","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370","reference_id":"CVE-2011-2370","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-28","reference_id":"mfsa2011-28","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-28"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2370"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk9z-4a47-67g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2319?format=json","vulnerability_id":"VCID-dnur-7qxp-g7g1","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1976","reference_id":"","reference_type":"","scores":[{"value":"0.03172","scoring_system":"epss","scoring_elements":"0.87157","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1976"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976","reference_id":"CVE-2012-1976","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1976"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnur-7qxp-g7g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2382?format=json","vulnerability_id":"VCID-dwfw-frsy-tfcr","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0461","reference_id":"","reference_type":"","scores":[{"value":"0.01161","scoring_system":"epss","scoring_elements":"0.78906","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109","reference_id":"803109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461","reference_id":"CVE-2012-0461","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwfw-frsy-tfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2441?format=json","vulnerability_id":"VCID-dzph-njyd-1qeu","summary":"Security researcher Liu Die Yu of\nTopsecTianRongXin reported that locally saved .url shortcut files\ncould be used to read information stored in the local cache.  An\nattacker could use this vulnerability to steal information from a\nvictim's browser cache if they were able to get the victim to download\ntwo separate files, a .url shortcut and a HTML file.  Given the\nrelative complexity of this attack, the severity of the issue was\ndetermined to be moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4582","reference_id":"","reference_type":"","scores":[{"value":"0.3558","scoring_system":"epss","scoring_elements":"0.97145","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470903","reference_id":"470903","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582","reference_id":"CVE-2008-4582","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html","reference_id":"CVE-2008-4582;OSVDB-49073","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html"},{"reference_url":"https://www.securityfocus.com/bid/31611/info","reference_id":"CVE-2008-4582;OSVDB-49073","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/31611/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-47","reference_id":"mfsa2008-47","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-47"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4582"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzph-njyd-1qeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2157?format=json","vulnerability_id":"VCID-e1zc-uz7j-vqgf","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that code used to normalize a\ndocument contained a logical flaw that could be leveraged to run\narbitrary code.  When the normalization code ran, a static count of\nthe document's child nodes was used in the traversal, so a page could\nbe constructed that would remove DOM nodes during this normalization\nwhich could lead to the accessing of a deleted object and potentially\nthe execution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2766","reference_id":"","reference_type":"","scores":[{"value":"0.05221","scoring_system":"epss","scoring_elements":"0.90088","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630069","reference_id":"630069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766","reference_id":"CVE-2010-2766","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-57","reference_id":"mfsa2010-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2766"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1zc-uz7j-vqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2589?format=json","vulnerability_id":"VCID-e2zn-rn59-gyfv","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the BrowserFeedWriter could be leveraged to run\nJavaScript code from web content with elevated privileges.  Using this\nvulnerability, an attacker could construct an object containing\nmalicious JavaScript and cause the FeedWriter to process the object,\nrunning the malicious code with chrome privileges.Thunderbird does not support\nthe BrowserFeedWriter object and is not vulnerable in its\ndefault configuration. Thunderbird might be vulnerable if the user has\ninstalled any add-on which adds a similarly implemented feature and\nthen enables JavaScript in mail messages.  This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3079","reference_id":"","reference_type":"","scores":[{"value":"0.0151","scoring_system":"epss","scoring_elements":"0.81493","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3079"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521695","reference_id":"521695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079","reference_id":"CVE-2009-3079","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-51","reference_id":"mfsa2009-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2zn-rn59-gyfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2286?format=json","vulnerability_id":"VCID-e5dd-61fv-efe7","summary":"Mozilla community member Matias Juntunen discovered an error\nin WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments\nfrom FindMaxUshortElement. This bug causes maximum index to be computed\nincorrectly within WebGL.drawElements, allowing the reading of illegal video\nmemory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0473","reference_id":"","reference_type":"","scores":[{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72599","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815023","reference_id":"815023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473","reference_id":"CVE-2012-0473","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26","reference_id":"mfsa2012-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0473"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5dd-61fv-efe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2291?format=json","vulnerability_id":"VCID-e8gx-6nqq-xbcx","summary":"Security researcher Simone Fabiano reported that if a\ncross-site XHR or WebSocket is opened on a web server on a non-standard port for\nweb traffic while using an IPv6 address, the browser will send an ambiguous\norigin headers if the IPv6 address contains at least 2 consecutive 16-bit fields\nof zeroes. If there is an origin access control list that uses IPv6 literals,\nthis issue could be used to bypass these access controls on the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0475","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52566","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187","reference_id":"815187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475","reference_id":"CVE-2012-0475","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28","reference_id":"mfsa2012-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0475"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8gx-6nqq-xbcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2265?format=json","vulnerability_id":"VCID-e921-wz2n-cycp","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4187","reference_id":"","reference_type":"","scores":[{"value":"0.20011","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187","reference_id":"CVE-2012-4187","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e921-wz2n-cycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2834?format=json","vulnerability_id":"VCID-ea8w-cmzd-hqan","summary":"Security researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0071","reference_id":"","reference_type":"","scores":[{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.8245","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700635","reference_id":"700635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071","reference_id":"CVE-2011-0071","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16","reference_id":"mfsa2011-16","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8w-cmzd-hqan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=json","vulnerability_id":"VCID-ec9h-nv75-tkc6","summary":"Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1956","reference_id":"","reference_type":"","scores":[{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73308","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851912","reference_id":"851912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956","reference_id":"CVE-2012-1956","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-59","reference_id":"mfsa2012-59","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-59"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1956"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ec9h-nv75-tkc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2324?format=json","vulnerability_id":"VCID-eftp-v3k7-xkct","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3960","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85041","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960","reference_id":"CVE-2012-3960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3960"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eftp-v3k7-xkct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2121?format=json","vulnerability_id":"VCID-embn-ntxv-73bh","summary":"Mozilla developer Justin Dolske reported that the new\nasynchronous Authorization Prompt (HTTP username and password) was not\nalways attached to the correct window. Although we have not\ndemonstrated this, it may be possible for a malicious page to convince\na user to open a new tab or popup to a trusted service and then have\nthe HTTP authorization prompt from the malicious page appear to be\nthe login prompt for the trusted page. This potential attack is greatly\nmitigated by the fact that very few web sites use HTTP authorization,\npreferring instead to use web forms and cookies.This issue does not affect older versions of Firefox or\nproducts based on the Mozilla browser engine, such as Thunderbird and\nSeaMonkey, using an older version of the engine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0172","reference_id":"","reference_type":"","scores":[{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67741","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172","reference_id":"CVE-2010-0172","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-15","reference_id":"mfsa2010-15","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0172"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-embn-ntxv-73bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2307?format=json","vulnerability_id":"VCID-ermf-rt9s-duhy","summary":"Mozilla developer Bobby Holley found that same-compartment\nsecurity wrappers (SCSW) can be bypassed by passing them to another compartment.\nCross-compartment wrappers often do not go through SCSW, but have a filtering\npolicy built into them. When an object is wrapped cross-compartment, the SCSW is\nstripped off and, when the object is read read back, it is not known that SCSW\nwas previously present, resulting in a bypassing of SCSW. This could result in\nuntrusted content having access to the XBL that implements browser\nfunctionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1959","reference_id":"","reference_type":"","scores":[{"value":"0.0093","scoring_system":"epss","scoring_elements":"0.7643","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1959"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840212","reference_id":"840212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959","reference_id":"CVE-2012-1959","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49","reference_id":"mfsa2012-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1959"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ermf-rt9s-duhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2783?format=json","vulnerability_id":"VCID-ess5-nmfb-kygw","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0079","reference_id":"","reference_type":"","scores":[{"value":"0.06848","scoring_system":"epss","scoring_elements":"0.91493","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079","reference_id":"CVE-2011-0079","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ess5-nmfb-kygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2310?format=json","vulnerability_id":"VCID-ez55-uvz6-gfh8","summary":"Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the previous site\nin the addressbar but changing the baseURI to the newer site. This can be used\nfor phishing by allowing the user to input form or other data on the newer,\nattacking, site while appearing to be on the older, displayed site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1955","reference_id":"","reference_type":"","scores":[{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85821","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1955"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840206","reference_id":"840206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955","reference_id":"CVE-2012-1955","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45","reference_id":"mfsa2012-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1955"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ez55-uvz6-gfh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2882?format=json","vulnerability_id":"VCID-f5qs-usvq-7ygn","summary":"Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document.  While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1585","reference_id":"","reference_type":"","scores":[{"value":"0.01466","scoring_system":"epss","scoring_elements":"0.81198","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675094","reference_id":"675094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585","reference_id":"CVE-2010-1585","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-08","reference_id":"mfsa2011-08","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1585"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qs-usvq-7ygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2168?format=json","vulnerability_id":"VCID-f7b5-ehbj-m7eq","summary":"Google security researcher Michal Zalewski\nreported that when a window was opened to a site resulting in a\nnetwork or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content.  An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually\nwere.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3774","reference_id":"","reference_type":"","scores":[{"value":"0.01015","scoring_system":"epss","scoring_elements":"0.77452","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660438","reference_id":"660438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774","reference_id":"CVE-2010-3774","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-83","reference_id":"mfsa2010-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3774"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7b5-ehbj-m7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2417?format=json","vulnerability_id":"VCID-fj5e-3c6k-2qc7","summary":"Security researcher David Bloom reported that the\nbrowser's session restore feature can be used to violate the\nsame-origin policy and run JavaScript in the context of another site.\nAny otherwise unexploitable crash can be used to force the user into the\nsession restore state Mozilla security researcher moz_bug_r_a4 demonstrated that\nthis vulnerability could also be used by an attacker to run arbitrary\nJavaScript with chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5019","reference_id":"","reference_type":"","scores":[{"value":"0.12823","scoring_system":"epss","scoring_elements":"0.9414","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5019"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470889","reference_id":"470889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019","reference_id":"CVE-2008-5019","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-53","reference_id":"mfsa2008-53","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5019"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fj5e-3c6k-2qc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2218?format=json","vulnerability_id":"VCID-fjd2-qz3j-quct","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0442","reference_id":"","reference_type":"","scores":[{"value":"0.01441","scoring_system":"epss","scoring_elements":"0.81034","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0442"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=785085","reference_id":"785085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=785085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442","reference_id":"CVE-2012-0442","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01","reference_id":"mfsa2012-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0084","reference_id":"RHSA-2012:0084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0085","reference_id":"RHSA-2012:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0085"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0442"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjd2-qz3j-quct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2877?format=json","vulnerability_id":"VCID-fjza-kzrj-h7bf","summary":"Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3654","reference_id":"","reference_type":"","scores":[{"value":"0.08632","scoring_system":"epss","scoring_elements":"0.92563","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654","reference_id":"CVE-2011-3654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48","reference_id":"mfsa2011-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3654"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjza-kzrj-h7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2813?format=json","vulnerability_id":"VCID-fkcd-dn21-k3aa","summary":"Alex Miller reported that when very long strings\nwere constructed and inserted into an HTML document, the browser would\nincorrectly construct the layout objects used to display the text.\nUnder such conditions an incorrect length would be calculated for a\ntext run resulting in too small of a memory buffer being allocated to\nstore the text.  This issue could be used by an attacker to write data\npast the end of the buffer and execute malicious code on a victim's\ncomputer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0058","reference_id":"","reference_type":"","scores":[{"value":"0.07784","scoring_system":"epss","scoring_elements":"0.92084","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675143","reference_id":"675143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058","reference_id":"CVE-2011-0058","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-07","reference_id":"mfsa2011-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0058"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkcd-dn21-k3aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2175?format=json","vulnerability_id":"VCID-fm6v-97ps-qkb1","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3175","reference_id":"","reference_type":"","scores":[{"value":"0.03233","scoring_system":"epss","scoring_elements":"0.87292","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642275","reference_id":"642275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175","reference_id":"CVE-2010-3175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm6v-97ps-qkb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2381?format=json","vulnerability_id":"VCID-fmxb-m3xe-y7hd","summary":"Anne van Kesteren of Opera Software found a \nmulti-octet encoding issue where certain octets will destroy the following\noctets in the processing of some multibyte character sets. This can leave users\nvulnerable to cross-site scripting (XSS) attacks on maliciously crafted web\npages.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0471","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72828","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0471"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815021","reference_id":"815021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471","reference_id":"CVE-2012-0471","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24","reference_id":"mfsa2012-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0471"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmxb-m3xe-y7hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2279?format=json","vulnerability_id":"VCID-fnqu-d93p-nyht","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1954","reference_id":"","reference_type":"","scores":[{"value":"0.05001","scoring_system":"epss","scoring_elements":"0.89858","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1954"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954","reference_id":"CVE-2012-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1954"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnqu-d93p-nyht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2469?format=json","vulnerability_id":"VCID-fshd-5yva-8yc8","summary":"Justin Schuh of the IBM X-Force reported a flaw in\nthe way Mozilla parses the http-index-format MIME type.  By sending a\nspecially crafted 200 header line in the HTTP index response, an\nattacker can cause the browser to crash and run arbitrary code on the\nvictim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0017","reference_id":"","reference_type":"","scores":[{"value":"0.14498","scoring_system":"epss","scoring_elements":"0.94558","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470892","reference_id":"470892","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017","reference_id":"CVE-2008-0017","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-54","reference_id":"mfsa2008-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-0017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fshd-5yva-8yc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2276?format=json","vulnerability_id":"VCID-fu4j-atx7-p3by","summary":"Mozilla community member Alice White reported that when the\nGetProperty function is invoked through JSAPI, security checking\ncan be bypassed when getting cross-origin properties. This potentially allowed\nfor arbitrary code execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3991","reference_id":"","reference_type":"","scores":[{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80889","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3991"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863621","reference_id":"863621","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991","reference_id":"CVE-2012-3991","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-81","reference_id":"mfsa2012-81","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-81"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3991"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu4j-atx7-p3by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2272?format=json","vulnerability_id":"VCID-fw1w-z9qg-2uef","summary":"Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4196","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76846","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893","reference_id":"869893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196","reference_id":"CVE-2012-4196","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90","reference_id":"mfsa2012-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1407","reference_id":"RHSA-2012:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1413","reference_id":"RHSA-2012:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1413"},{"reference_url":"https://usn.ubuntu.com/1620-1/","reference_id":"USN-1620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-1/"},{"reference_url":"https://usn.ubuntu.com/1620-2/","reference_id":"USN-1620-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4196"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fw1w-z9qg-2uef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71457?format=json","vulnerability_id":"VCID-fwc9-m2qd-eua6","summary":"firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4688","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47519","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=761550","reference_id":"761550","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=761550"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-4688"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwc9-m2qd-eua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2657?format=json","vulnerability_id":"VCID-fwmk-3y43-hyhv","summary":"Andrej Andolsek reported that when Firefox\nreceives a reply from a SOCKS5 proxy which contains a DNS name longer\nthan 15 characters, the subsequent data stream in the response can\nbecome corrupted.  There was no evidence of memory corruption,\nhowever, and the severity of the issue was determined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2470","reference_id":"","reference_type":"","scores":[{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86034","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512145","reference_id":"512145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470","reference_id":"CVE-2009-2470","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-38","reference_id":"mfsa2009-38","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2470"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwmk-3y43-hyhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2293?format=json","vulnerability_id":"VCID-g214-2v75-dfd2","summary":"Security researchers Mario Gomes and Soroush\nDalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1965","reference_id":"","reference_type":"","scores":[{"value":"0.01216","scoring_system":"epss","scoring_elements":"0.79324","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840225","reference_id":"840225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965","reference_id":"CVE-2012-1965","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55","reference_id":"mfsa2012-55","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1965"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g214-2v75-dfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=json","vulnerability_id":"VCID-g2cj-8shy-uqcc","summary":"Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1941","reference_id":"","reference_type":"","scores":[{"value":"0.06289","scoring_system":"epss","scoring_elements":"0.91078","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1941"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843","reference_id":"827843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941","reference_id":"CVE-2012-1941","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40","reference_id":"mfsa2012-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1941"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2cj-8shy-uqcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2115?format=json","vulnerability_id":"VCID-g7fv-ggv2-aqhn","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit.  This reference could subsequently be accessed, potentially\ncausing the execution of attacker controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1208","reference_id":"","reference_type":"","scores":[{"value":"0.01551","scoring_system":"epss","scoring_elements":"0.8172","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615458","reference_id":"615458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208","reference_id":"CVE-2010-1208","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35","reference_id":"mfsa2010-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1208"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7fv-ggv2-aqhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2198?format=json","vulnerability_id":"VCID-g8pv-awkj-5bh8","summary":"Security researcher echo reported that a web page\ncould open a window with an about:blank location and then inject an\n<isindex> element into that page which upon submission would\nredirect to a chrome: document.  The effect of this defect was that\nthe original page would wind up with a reference to a\nchrome-privileged object, the opened window, which could be leveraged\nfor privilege escalation attacks.Mozilla security researcher moz_bug_r_a4 provided\nproof-of-concept code demonstrating how the above vulnerability could\nbe used to run arbitrary code with chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3771","reference_id":"","reference_type":"","scores":[{"value":"0.02236","scoring_system":"epss","scoring_elements":"0.84816","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660417","reference_id":"660417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771","reference_id":"CVE-2010-3771","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-76","reference_id":"mfsa2010-76","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-76"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3771"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8pv-awkj-5bh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=json","vulnerability_id":"VCID-g8ty-gg8e-nug5","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4181","reference_id":"","reference_type":"","scores":[{"value":"0.03504","scoring_system":"epss","scoring_elements":"0.87816","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4181"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181","reference_id":"CVE-2012-4181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ty-gg8e-nug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2298?format=json","vulnerability_id":"VCID-g9e6-nygw-wydy","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4216","reference_id":"","reference_type":"","scores":[{"value":"0.04114","scoring_system":"epss","scoring_elements":"0.88792","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4216"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216","reference_id":"CVE-2012-4216","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4216"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9e6-nygw-wydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2370?format=json","vulnerability_id":"VCID-gb3u-y5z4-hyb7","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a use-after-free in the IME State Manager code. This could lead to a\npotentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3990","reference_id":"","reference_type":"","scores":[{"value":"0.06071","scoring_system":"epss","scoring_elements":"0.90885","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3990"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863628","reference_id":"863628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990","reference_id":"CVE-2012-3990","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-87","reference_id":"mfsa2012-87","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gb3u-y5z4-hyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70733?format=json","vulnerability_id":"VCID-gch6-jznq-jqfs","summary":"Mozilla: SPDY information disclosure (MFSA 2012-73)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=859827","reference_id":"859827","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=859827"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gch6-jznq-jqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2159?format=json","vulnerability_id":"VCID-gesr-3egw-kydd","summary":"Google security researcher Chris Evans reported\nthat data can be read across domains by injecting bogus CSS selectors\ninto a target site and then retrieving the data using JavaScript APIs.\nIf an attacker can inject opening and closing portions of a CSS\nselector into points A and B of a target page, then the region between\nthe two injection points becomes readable to JavaScript through, for\nexample, the getComputedStyle() API.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0654","reference_id":"","reference_type":"","scores":[{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.7241","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=568231","reference_id":"568231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=568231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654","reference_id":"CVE-2010-0654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46","reference_id":"mfsa2010-46","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0654"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gesr-3egw-kydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2651?format=json","vulnerability_id":"VCID-gm28-kdg7-bbgm","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3383","reference_id":"","reference_type":"","scores":[{"value":"0.05615","scoring_system":"epss","scoring_elements":"0.90464","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383","reference_id":"CVE-2009-3383","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm28-kdg7-bbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2280?format=json","vulnerability_id":"VCID-gqcx-9dd1-y7ev","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1953","reference_id":"","reference_type":"","scores":[{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80869","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1953"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953","reference_id":"CVE-2012-1953","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1953"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqcx-9dd1-y7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2669?format=json","vulnerability_id":"VCID-gsqx-hgzq-77a3","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat it is possible to create a document whose URI does not match the\ndocument's principal using XMLHttpRequest.  This type of\nmismatch leads to incorrect results in principal-based security\nchecks.  An attacker could use this vulnerability to execute arbitrary\nJavaScript within the context of another site.moz_bug_r_a4 separately reported\nthat XPCNativeWrapper.toString's\n__proto__ comes from the wrong scope which results in\ncalls to that function being executed in the wrong context in certain\ncircumstances.  An attacker could use this vulnerability to run\narbitrary code within the context of a different site.  Alternatively,\nif chrome were to call content.toString.call(), then\nattacker-defined functions could be run with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1309","reference_id":"","reference_type":"","scores":[{"value":"0.01757","scoring_system":"epss","scoring_elements":"0.82906","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1309"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496267","reference_id":"496267","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309","reference_id":"CVE-2009-1309","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-19","reference_id":"mfsa2009-19","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1309"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqx-hgzq-77a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2152?format=json","vulnerability_id":"VCID-h14f-dndv-g3db","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3072","reference_id":"","reference_type":"","scores":[{"value":"0.04749","scoring_system":"epss","scoring_elements":"0.89595","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3072"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521688","reference_id":"521688","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072","reference_id":"CVE-2009-3072","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3072"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h14f-dndv-g3db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88948?format=json","vulnerability_id":"VCID-h2c2-87br-k7h9","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2007-2436"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2c2-87br-k7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2169?format=json","vulnerability_id":"VCID-h2zb-y8qu-rkhm","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a nsDOMAttribute\nnode can be modified without informing the iterator object responsible\nfor various DOM traversals.  This flaw could lead to a inconsistent\nstate where the iterator points to an object it believes is part of\nthe DOM but actually points to some other object.  If such an object\nhad been deleted and its memory reclaimed by the system, then the\niterator could be used to call into attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3766","reference_id":"","reference_type":"","scores":[{"value":"0.07145","scoring_system":"epss","scoring_elements":"0.91681","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660429","reference_id":"660429","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766","reference_id":"CVE-2010-3766","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-80","reference_id":"mfsa2010-80","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-80"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3766"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2zb-y8qu-rkhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=json","vulnerability_id":"VCID-h32a-d7jh-m7dq","summary":"Security researcher Aki Helin reported a potentially\nexploitable crash in the YARR regular expression library used by JavaScript.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3232","reference_id":"","reference_type":"","scores":[{"value":"0.07734","scoring_system":"epss","scoring_elements":"0.92054","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232","reference_id":"CVE-2011-3232","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-42","reference_id":"mfsa2011-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-42"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3232"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h32a-d7jh-m7dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2369?format=json","vulnerability_id":"VCID-h3nn-6nww-fubf","summary":"Security researcher Karthikeyan Bhargavan of Prosecco at\nINRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the \"report-uri\" location\ninclude sensitive data within the \"blocked-uri\" parameter. These include\nfragment components and query strings even if the \"blocked-uri\" parameter has a\ndifferent origin than the protected resource. This can be used to retrieve a\nuser's OAuth 2.0 access tokens and OpenID credentials by malicious sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1963","reference_id":"","reference_type":"","scores":[{"value":"0.01487","scoring_system":"epss","scoring_elements":"0.81339","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840220","reference_id":"840220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963","reference_id":"CVE-2012-1963","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53","reference_id":"mfsa2012-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1963"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3nn-6nww-fubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2238?format=json","vulnerability_id":"VCID-h632-fbq3-uqh5","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4182","reference_id":"","reference_type":"","scores":[{"value":"0.04752","scoring_system":"epss","scoring_elements":"0.89599","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182","reference_id":"CVE-2012-4182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h632-fbq3-uqh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2341?format=json","vulnerability_id":"VCID-hb8p-k984-2bbb","summary":"Security researcher David Bloom of Cue discovered that\n<select> elements are always-on-top chromeless windows and\nthat navigation away from a page with an active <select> menu\ndoes not remove this window.When another menu is opened programmatically on a\nnew page, the original <select> menu can be retained and\narbitrary HTML content within it rendered, allowing an attacker to cover\narbitrary portions of the new page through absolute positioning/scrolling,\nleading to spoofing attacks. Security researcher Jordi Chancel\nfound a variation that would allow for click-jacking attacks was well.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3984","reference_id":"","reference_type":"","scores":[{"value":"0.01951","scoring_system":"epss","scoring_elements":"0.83758","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3984"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616","reference_id":"863616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984","reference_id":"CVE-2012-3984","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-75","reference_id":"mfsa2012-75","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-75"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb8p-k984-2bbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2166?format=json","vulnerability_id":"VCID-hcjp-8k4f-fuhf","summary":"Security researcher Alexander Miller reported that\npassing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3179","reference_id":"","reference_type":"","scores":[{"value":"0.22551","scoring_system":"epss","scoring_elements":"0.95941","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642277","reference_id":"642277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179","reference_id":"CVE-2010-3179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html","reference_id":"CVE-2010-3179;OSVDB-68850","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html"},{"reference_url":"https://www.securityfocus.com/bid/44247/info","reference_id":"CVE-2010-3179;OSVDB-68850","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/44247/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65","reference_id":"mfsa2010-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3179"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcjp-8k4f-fuhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2832?format=json","vulnerability_id":"VCID-hdy1-ad14-9bdr","summary":"Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection.  Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0057","reference_id":"","reference_type":"","scores":[{"value":"0.03949","scoring_system":"epss","scoring_elements":"0.88543","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675093","reference_id":"675093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057","reference_id":"CVE-2011-0057","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-06","reference_id":"mfsa2011-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0057"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdy1-ad14-9bdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2311?format=json","vulnerability_id":"VCID-heem-dnwk-ufby","summary":"Google developer Tony Payne reported an out of bounds (OOB)\nread in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1960","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67977","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840213","reference_id":"840213","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960","reference_id":"CVE-2012-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50","reference_id":"mfsa2012-50","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1960"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-heem-dnwk-ufby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2622?format=json","vulnerability_id":"VCID-hfwt-3n83-8yaz","summary":"Security researcher Prateek Saxena reported that a\nmalicious MozSearch plugin could be created using a javascript: URI in\nthe SearchForm value.  This URI is used as the default\nlanding page when an empty search is performed.  If an attacker could\nget a user to install the malicious plugin and perform an empty\nsearch, the SearchForm javascript: URI would be executed\nwithin the context of the currently open page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1310","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75342","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1310"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496270","reference_id":"496270","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310","reference_id":"CVE-2009-1310","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-20","reference_id":"mfsa2009-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1310"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfwt-3n83-8yaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2846?format=json","vulnerability_id":"VCID-hm86-1bfs-uub7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2990","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67968","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990","reference_id":"CVE-2011-2990","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm86-1bfs-uub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2144?format=json","vulnerability_id":"VCID-hnqn-9dyg-fyaf","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1202","reference_id":"","reference_type":"","scores":[{"value":"0.06167","scoring_system":"epss","scoring_elements":"0.90964","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590810","reference_id":"590810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202","reference_id":"CVE-2010-1202","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnqn-9dyg-fyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2282?format=json","vulnerability_id":"VCID-hpes-a26j-eubg","summary":"magicant starmen reported that if a user chooses to\nexport their Firefox Sync key the \"Firefox Recovery Key.html\" file is\nsaved with incorrect permissions, making the file contents potentially\nreadable by other users on Linux and OS X systems.\nFirefox 3.6 is not affected by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0450","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21751","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450","reference_id":"CVE-2012-0450","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-09","reference_id":"mfsa2012-09","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-09"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0450"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpes-a26j-eubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2790?format=json","vulnerability_id":"VCID-hq8b-hhzz-zyag","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0077","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.8893","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700613","reference_id":"700613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077","reference_id":"CVE-2011-0077","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0077"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq8b-hhzz-zyag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71605?format=json","vulnerability_id":"VCID-hs89-asjt-xqdy","summary":"nss: /pkcs11.txt and /secmod.db files read on initialization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3640","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56923","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614","reference_id":"647614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=748379","reference_id":"748379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=748379"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3640"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs89-asjt-xqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2209?format=json","vulnerability_id":"VCID-huw3-d12r-6yb5","summary":"Security researcher Yosuke Hasegawa reported that\nthe Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript.  This is a violation of the same-origin policy and could\nbe used by an attacker to steal information from other sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1213","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40141","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1213"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615471","reference_id":"615471","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213","reference_id":"CVE-2010-1213","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42","reference_id":"mfsa2010-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1213"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huw3-d12r-6yb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2614?format=json","vulnerability_id":"VCID-hvvv-dc2z-r7ed","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3378","reference_id":"","reference_type":"","scores":[{"value":"0.03284","scoring_system":"epss","scoring_elements":"0.87404","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743","reference_id":"552743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378","reference_id":"CVE-2009-3378","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvvv-dc2z-r7ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2603?format=json","vulnerability_id":"VCID-hw8a-1fyr-5uda","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3074","reference_id":"","reference_type":"","scores":[{"value":"0.06345","scoring_system":"epss","scoring_elements":"0.91124","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521690","reference_id":"521690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074","reference_id":"CVE-2009-3074","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3074"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hw8a-1fyr-5uda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2791?format=json","vulnerability_id":"VCID-hx1c-5urc-q7ar","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0078","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.8893","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0078"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700603","reference_id":"700603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078","reference_id":"CVE-2011-0078","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0078"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hx1c-5urc-q7ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=json","vulnerability_id":"VCID-hxra-yff9-r3fr","summary":"Mozilla developer Daniel Holbert reported that the\nfix to the plugin parameter array crash that was fixed in Firefox\n3.6.7 caused a crash showing signs of memory corruption.  In certain\ncircumstances, properties in the plugin instance's parameter array\ncould be freed prematurely leaving a dangling pointer that the plugin\ncould execute, potentially calling into attacker-controlled\nmemory.Firefox 3.5.11 was also affected by the regression\nbut the equivalent pointer was always initialized to NULL and \nnot exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2755","reference_id":"","reference_type":"","scores":[{"value":"0.10163","scoring_system":"epss","scoring_elements":"0.93233","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=617657","reference_id":"617657","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=617657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755","reference_id":"CVE-2010-2755","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-48","reference_id":"mfsa2010-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0556","reference_id":"RHSA-2010:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0557","reference_id":"RHSA-2010:0557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0558","reference_id":"RHSA-2010:0558","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0558"},{"reference_url":"https://usn.ubuntu.com/930-6/","reference_id":"USN-930-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-6/"},{"reference_url":"https://usn.ubuntu.com/957-2/","reference_id":"USN-957-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2755"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxra-yff9-r3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78386?format=json","vulnerability_id":"VCID-j2cc-ej51-4fat","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5822","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66281","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5822"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5822"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2cc-ej51-4fat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2375?format=json","vulnerability_id":"VCID-j2te-qzzx-kkay","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0467","reference_id":"","reference_type":"","scores":[{"value":"0.02405","scoring_system":"epss","scoring_elements":"0.85328","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000","reference_id":"815000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467","reference_id":"CVE-2012-0467","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20","reference_id":"mfsa2012-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0467"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2te-qzzx-kkay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2884?format=json","vulnerability_id":"VCID-j5hf-agzm-8bfj","summary":"Mozilla developer Bas Schouten reported that the\nintroduction of the \"Azure\" graphics back-end on Windows in Firefox 7\nre-introduced the cross-origin data theft issue reported by\nnasalislarvatus3000 as described in \nMFSA 2011-29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3649","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49748","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649","reference_id":"CVE-2011-3649","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-50","reference_id":"mfsa2011-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3649"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5hf-agzm-8bfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2612?format=json","vulnerability_id":"VCID-j86k-vcuv-5uhe","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3377","reference_id":"","reference_type":"","scores":[{"value":"0.07","scoring_system":"epss","scoring_elements":"0.91594","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3377"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=531770","reference_id":"531770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=531770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377","reference_id":"CVE-2009-3377","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3377"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j86k-vcuv-5uhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2886?format=json","vulnerability_id":"VCID-jh6n-bau7-byhg","summary":"Mozilla developer Boris Zbarsky reported that a frame\nnamed \"location\" could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the frame\nwas created. Because some plugins use the value of window.location to determine\nthe page origin this could fool the plugin into granting the plugin content\naccess to another site or the local file system in violation of the Same Origin\nPolicy. This flaw allows circumvention of the fix added for\nMFSA 2010-10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2999","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72835","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2999"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741904","reference_id":"741904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999","reference_id":"CVE-2011-2999","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38","reference_id":"mfsa2011-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1343","reference_id":"RHSA-2011:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1344","reference_id":"RHSA-2011:1344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1344"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2999"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6n-bau7-byhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2447?format=json","vulnerability_id":"VCID-jhgh-37q6-17fm","summary":"Security researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read.  The severity of this bug was low and did not appear to cause any memory corruption.Firefox 3 is not affected by this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4069","reference_id":"","reference_type":"","scores":[{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80007","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463251","reference_id":"463251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463251"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069","reference_id":"CVE-2008-4069","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-45","reference_id":"mfsa2008-45","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhgh-37q6-17fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2192?format=json","vulnerability_id":"VCID-jjg5-q8kj-yyg9","summary":"Security researcher Eduardo Vela Nava reported that\nif a web page opened a new window and used a javascript: URL to make a\nmodal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow.  This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another web site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3178","reference_id":"","reference_type":"","scores":[{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.75272","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642294","reference_id":"642294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178","reference_id":"CVE-2010-3178","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69","reference_id":"mfsa2010-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3178"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjg5-q8kj-yyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2306?format=json","vulnerability_id":"VCID-jjza-54cz-9kcg","summary":"Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a\ndata: URL. In this issue, context menu functionality (\"View Image\", \"Show only this frame\", and \"View background image\") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1966","reference_id":"","reference_type":"","scores":[{"value":"0.01351","scoring_system":"epss","scoring_elements":"0.80397","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840207","reference_id":"840207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966","reference_id":"CVE-2012-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46","reference_id":"mfsa2012-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjza-54cz-9kcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2624?format=json","vulnerability_id":"VCID-jkjk-6r2p-jbcu","summary":"Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed.  If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code.  An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2471","reference_id":"","reference_type":"","scores":[{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.8439","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2471"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512146","reference_id":"512146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471","reference_id":"CVE-2009-2471","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39","reference_id":"mfsa2009-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2471"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkjk-6r2p-jbcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2451?format=json","vulnerability_id":"VCID-jkxv-jgzt-yue7","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5512","reference_id":"","reference_type":"","scores":[{"value":"0.04686","scoring_system":"epss","scoring_elements":"0.8951","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5512"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476287","reference_id":"476287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512","reference_id":"CVE-2008-5512","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68","reference_id":"mfsa2008-68","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5512"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkxv-jgzt-yue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2118?format=json","vulnerability_id":"VCID-jn2a-9g3e-pqc4","summary":"Google security researcher Michal Zalewski\nreported that focus() could be used to change a user's\ncursor focus while they are typing, potentially directing their\nkeyboard input to an unintended location.  This behavior was also\npresent across origins when content from one domain was embedded\nwithin another via an iframe.  A malicious web page could use this\nbehavior to steal keystrokes from a victim while they were typing\nsensitive information such as a password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1125","reference_id":"","reference_type":"","scores":[{"value":"0.02114","scoring_system":"epss","scoring_elements":"0.84391","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1125"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=577584","reference_id":"577584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=577584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125","reference_id":"CVE-2010-1125","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-31","reference_id":"mfsa2010-31","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jn2a-9g3e-pqc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88956?format=json","vulnerability_id":"VCID-jrca-ffpb-yuhd","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2065","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5353","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2065"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2065"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrca-ffpb-yuhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2643?format=json","vulnerability_id":"VCID-junk-cvrr-h3ey","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0772","reference_id":"","reference_type":"","scores":[{"value":"0.07324","scoring_system":"epss","scoring_elements":"0.91803","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488273","reference_id":"488273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772","reference_id":"CVE-2009-0772","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"},{"reference_url":"https://usn.ubuntu.com/728-2/","reference_id":"USN-728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-2/"},{"reference_url":"https://usn.ubuntu.com/728-3/","reference_id":"USN-728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-3/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0772"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-junk-cvrr-h3ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2587?format=json","vulnerability_id":"VCID-jx4t-39du-9khz","summary":"Mozilla add-on developer and community member Wladimir\nPalant reported that content-loading policies were not\nchecked before loading external script files into XUL documents.\nThe severity of this problem would depend on the reasons behind the\ncontent policy check, which include privacy from \"web bugs\" in\nThunderbird mail messages, blocking of Ads and Ad-server tracking\nin AdBlock Plus.The original version of this advisory incorrectly claimed\nthat NoScript protection could by bypassed; NoScript was unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1840","reference_id":"","reference_type":"","scores":[{"value":"0.01388","scoring_system":"epss","scoring_elements":"0.80651","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503582","reference_id":"503582","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503582"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840","reference_id":"CVE-2009-1840","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-31","reference_id":"mfsa2009-31","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1840"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx4t-39du-9khz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78391?format=json","vulnerability_id":"VCID-jy4c-hf8h-zbg3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0071","reference_id":"","reference_type":"","scores":[{"value":"0.10859","scoring_system":"epss","scoring_elements":"0.93493","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0071"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html","reference_id":"OSVDB-52657;CVE-2009-0071","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy4c-hf8h-zbg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2471?format=json","vulnerability_id":"VCID-jzxs-ubpc-kkhq","summary":"Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed.  The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped.  This issue could potentially be used to bypass naive script filtering and used in an XSS attack.  This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4066","reference_id":"","reference_type":"","scores":[{"value":"0.01204","scoring_system":"epss","scoring_elements":"0.79244","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4066"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463243","reference_id":"463243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463243"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066","reference_id":"CVE-2008-4066","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43","reference_id":"mfsa2008-43","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4066"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzxs-ubpc-kkhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2658?format=json","vulnerability_id":"VCID-jzxt-hzwv-a3ay","summary":"Security researcher Juan Pablo Lopez Yacubian\nreported that the default Windows font used to render the locationbar\nand other text fields was improperly displaying certain Unicode\ncharacters with tall line-height.  In such cases the tall line-height\nwould cause the rest of the text in the input field to be scrolled\nvertically out of view.  An attacker could use this vulnerability to\nprevent a user from seeing the URL of a malicious site.Corrie Sloot also independently reported this\nissue to Mozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3078","reference_id":"","reference_type":"","scores":[{"value":"0.01724","scoring_system":"epss","scoring_elements":"0.82725","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3078"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521694","reference_id":"521694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078","reference_id":"CVE-2009-3078","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-50","reference_id":"mfsa2009-50","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3078"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzxt-hzwv-a3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2636?format=json","vulnerability_id":"VCID-k4bn-xfgy-a3en","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3980","reference_id":"","reference_type":"","scores":[{"value":"0.04407","scoring_system":"epss","scoring_elements":"0.89178","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980","reference_id":"CVE-2009-3980","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3980"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4bn-xfgy-a3en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2591?format=json","vulnerability_id":"VCID-k6sa-x522-yba2","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1392","reference_id":"","reference_type":"","scores":[{"value":"0.15734","scoring_system":"epss","scoring_elements":"0.94829","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1392"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503568","reference_id":"503568","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392","reference_id":"CVE-2009-1392","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24","reference_id":"mfsa2009-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1392"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6sa-x522-yba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2277?format=json","vulnerability_id":"VCID-k7qg-pc6m-3fde","summary":"Vitaly Nevgen reported that an attacker could replace a\nsub-frame in another domain's document by using the name attribute of the\nsub-frame as a form submission target. This can potentially allow for phishing\nattacks against users and violates the HTML5 frame navigation policy.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0445","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67742","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445","reference_id":"CVE-2012-0445","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-03","reference_id":"mfsa2012-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-03"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0445"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qg-pc6m-3fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2271?format=json","vulnerability_id":"VCID-k8gc-ufm1-9ffn","summary":"Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4195","reference_id":"","reference_type":"","scores":[{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76793","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893","reference_id":"869893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195","reference_id":"CVE-2012-4195","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90","reference_id":"mfsa2012-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1407","reference_id":"RHSA-2012:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1413","reference_id":"RHSA-2012:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1413"},{"reference_url":"https://usn.ubuntu.com/1620-1/","reference_id":"USN-1620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-1/"},{"reference_url":"https://usn.ubuntu.com/1620-2/","reference_id":"USN-1620-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4195"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8gc-ufm1-9ffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2421?format=json","vulnerability_id":"VCID-k9js-qqg1-pyfh","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5018","reference_id":"","reference_type":"","scores":[{"value":"0.20193","scoring_system":"epss","scoring_elements":"0.95605","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5018"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470884","reference_id":"470884","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018","reference_id":"CVE-2008-5018","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52","reference_id":"mfsa2008-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5018"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9js-qqg1-pyfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88958?format=json","vulnerability_id":"VCID-ka4t-w5r8-43hu","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3400","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47687","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3400"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ka4t-w5r8-43hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2868?format=json","vulnerability_id":"VCID-kevz-hbn8-4ybv","summary":"sczimmer reported a crash when scaling an OGG\n<video> element to extreme sizes.\nFirefox 3.6 is not affected by this vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3665","reference_id":"","reference_type":"","scores":[{"value":"0.03707","scoring_system":"epss","scoring_elements":"0.88158","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3665"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665","reference_id":"CVE-2011-3665","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58","reference_id":"mfsa2011-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3665"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kevz-hbn8-4ybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2219?format=json","vulnerability_id":"VCID-kkaz-32r9-4fhc","summary":"Mozilla security researcher moz_bug_r_a4 reported a\narbitrary code execution attack using a javascript: URL. The Gecko\nengine features a JavaScript sandbox utility that allows the browser or add-ons\nto safely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and run with\nelevated privilege. This can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1967","reference_id":"","reference_type":"","scores":[{"value":"0.03399","scoring_system":"epss","scoring_elements":"0.87615","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840259","reference_id":"840259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967","reference_id":"CVE-2012-1967","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56","reference_id":"mfsa2012-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1967"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkaz-32r9-4fhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2596?format=json","vulnerability_id":"VCID-knbx-h6rk-9qfu","summary":"Mozilla discovered several bugs in liboggplay which posed potential\nmemory safety issues.  The bugs which were fixed could potentially be\nused by an attacker to crash a victim's browser and execute arbitrary\ncode on their computer.Audio and Video capabilities were added to the Mozilla browser\nengine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of\nthese products were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3388","reference_id":"","reference_type":"","scores":[{"value":"0.02632","scoring_system":"epss","scoring_elements":"0.85943","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=548539","reference_id":"548539","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=548539"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743","reference_id":"575743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388","reference_id":"CVE-2009-3388","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-66","reference_id":"mfsa2009-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-66"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3388"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knbx-h6rk-9qfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2847?format=json","vulnerability_id":"VCID-knur-edxh-4ydw","summary":"Independent security researcher Kuza55 and\nMicrosoft security researcher Tom Gallagher reported\nthat when plugin-initiated requests receive a 307 redirect response,\nthe plugin is not notified and the request is forwarded to the new\nlocation.  This is true even for cross-site redirects, so any custom\nheaders that were added as part of the initial request would be\nforwarded intact across origins.  This poses a CSRF risk for web\napplications that rely on custom headers only being present in\nrequests from their own origin.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0059","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45732","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0059"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=681369","reference_id":"681369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=681369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059","reference_id":"CVE-2011-0059","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-10","reference_id":"mfsa2011-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0313","reference_id":"RHSA-2011:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0313"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0059"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knur-edxh-4ydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2633?format=json","vulnerability_id":"VCID-kr3x-4kyw-rbcv","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the XPCOM utility XPCVariant::VariantDataToJS\nunwrapped doubly-wrapped objects before returning them to chrome\ncallers.  This could result in chrome privileged code calling methods\non an object which had previously been created or modified by web\ncontent, potentially executing malicious JavaScript code with chrome\nprivileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3374","reference_id":"","reference_type":"","scores":[{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75789","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530157","reference_id":"530157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374","reference_id":"CVE-2009-3374","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57","reference_id":"mfsa2009-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3374"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kr3x-4kyw-rbcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2593?format=json","vulnerability_id":"VCID-ksst-4srh-c3eu","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1833","reference_id":"","reference_type":"","scores":[{"value":"0.1037","scoring_system":"epss","scoring_elements":"0.93322","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1833"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503570","reference_id":"503570","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833","reference_id":"CVE-2009-1833","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24","reference_id":"mfsa2009-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1833"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksst-4srh-c3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2199?format=json","vulnerability_id":"VCID-kts9-w6sz-kkbj","summary":"Security researcher wushi of team509 reported that\nthe frame construction process for certain types of menus could result\nin a menu containing a pointer to a previously freed menu item.\nDuring the cycle collection process, this freed item could be accessed,\nresulting in the execution of a section of code potentially controlled\nby an attacker.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0183","reference_id":"","reference_type":"","scores":[{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.90113","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590822","reference_id":"590822","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183","reference_id":"CVE-2010-0183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-27","reference_id":"mfsa2010-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kts9-w6sz-kkbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2419?format=json","vulnerability_id":"VCID-kufy-1tyw-4qa2","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5016","reference_id":"","reference_type":"","scores":[{"value":"0.21255","scoring_system":"epss","scoring_elements":"0.95776","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470881","reference_id":"470881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016","reference_id":"CVE-2008-5016","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52","reference_id":"mfsa2008-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kufy-1tyw-4qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2653?format=json","vulnerability_id":"VCID-kvaw-h1xw-vuf5","summary":"Security researchers Adam Barth and Collin\nJackson reported that when a file: resource is\nloaded via the location bar it inherits the principal of the\npreviously loaded document.  This vulnerability can potentially give\nthe newly loaded document additional privileges to access the contents\nof other local files that it wouldn't otherwise have permission to read.\nA potential victim would first have to have downloaded the attackers\ndocument to their local machine. Then the victim would have to open another\ndocument in a directory of interest to the attacker before opening the\nattacker's file in the same window.\nPrior to version 3.0, Firefox (like browsers from other\nvendors) treated all local files as having the same origin without\nrestriction. This vulnerability is a partial bypass of the restrictions\nimplemented in Firefox 3.0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1839","reference_id":"","reference_type":"","scores":[{"value":"0.15161","scoring_system":"epss","scoring_elements":"0.94708","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503581","reference_id":"503581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839","reference_id":"CVE-2009-1839","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html","reference_id":"CVE-2009-1839;OSVDB-55163","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-30","reference_id":"mfsa2009-30","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1839"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvaw-h1xw-vuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=json","vulnerability_id":"VCID-kvg8-pa7m-2bfg","summary":"Security researcher Richard Moore reported that\nwhen an SSL certificate was created with a common name containing a\nwildcard followed by a partial IP address a valid SSL connection could be\nestablished with a server whose IP address matched the wildcard range\nby browsing directly to the IP address. It is extremely unlikely that\nsuch a certificate would be issued by a Certificate Authority.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3170","reference_id":"","reference_type":"","scores":[{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.7888","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630047","reference_id":"630047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170","reference_id":"CVE-2010-3170","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70","reference_id":"mfsa2010-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0862","reference_id":"RHSA-2010:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0862"},{"reference_url":"https://usn.ubuntu.com/1007-1/","reference_id":"USN-1007-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1007-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvg8-pa7m-2bfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2440?format=json","vulnerability_id":"VCID-kws9-mf7a-syh8","summary":"Mozilla developer Georgi Guninski reported that\nthe canvas element could be used in conjunction with an HTTP redirect\nto bypass same-origin restrictions and gain access to the content in\narbitrary images from other domains.  This vulnerability could be used\nby an attacker to steal private information from a victim who is\nlogged into a website that stores the data in images.Security researchers Michal Zalewski\nand Chris Evans also reported an additional threat\ncaused by this vulnerability in which an attacker can enumerate the\nsoftware installed on a victim's computer by using moz-icon as the\nredirection target.Firefox 3 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5012","reference_id":"","reference_type":"","scores":[{"value":"0.05969","scoring_system":"epss","scoring_elements":"0.90796","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5012"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470864","reference_id":"470864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012","reference_id":"CVE-2008-5012","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-48","reference_id":"mfsa2008-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5012"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kws9-mf7a-syh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2430?format=json","vulnerability_id":"VCID-kzjq-mq5p-w7em","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in\nnsXMLHttpRequest::NotifyEventListeners() could be\nbypassed. This vulnerability could be used to execute JavaScript in\nthe context of a different website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5022","reference_id":"","reference_type":"","scores":[{"value":"0.13446","scoring_system":"epss","scoring_elements":"0.94316","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470895","reference_id":"470895","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022","reference_id":"CVE-2008-5022","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-56","reference_id":"mfsa2008-56","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5022"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzjq-mq5p-w7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74937?format=json","vulnerability_id":"VCID-m29z-y4um-wqbf","summary":"security flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5052","reference_id":"","reference_type":"","scores":[{"value":"0.18653","scoring_system":"epss","scoring_elements":"0.95381","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5052"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618336","reference_id":"1618336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618336"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5052"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m29z-y4um-wqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2313?format=json","vulnerability_id":"VCID-m7sq-29rx-pff5","summary":"Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3993","reference_id":"","reference_type":"","scores":[{"value":"0.8084","scoring_system":"epss","scoring_elements":"0.9917","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3993"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623","reference_id":"863623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993","reference_id":"CVE-2012-3993","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb","reference_id":"CVE-2012-3993;OSVDB-96019;CVE-2013-1710","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb","reference_id":"CVE-2012-3993;OSVDB-96019;CVE-2013-1710","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83","reference_id":"mfsa2012-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3993"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7sq-29rx-pff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2325?format=json","vulnerability_id":"VCID-mbgs-b2qj-ukg1","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3961","reference_id":"","reference_type":"","scores":[{"value":"0.02093","scoring_system":"epss","scoring_elements":"0.8431","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961","reference_id":"CVE-2012-3961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgs-b2qj-ukg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2793?format=json","vulnerability_id":"VCID-mcy6-z48m-tufs","summary":"David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0076","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60376","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076","reference_id":"CVE-2011-0076","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-15","reference_id":"mfsa2011-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0076"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcy6-z48m-tufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2179?format=json","vulnerability_id":"VCID-mfbd-41mr-7kg5","summary":"Security researcher regenrecht reported (via TippingPoint's\nZero Day Initiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although\nno exploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0164","reference_id":"","reference_type":"","scores":[{"value":"0.07524","scoring_system":"epss","scoring_elements":"0.91929","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164","reference_id":"CVE-2010-0164","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-09","reference_id":"mfsa2010-09","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfbd-41mr-7kg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2425?format=json","vulnerability_id":"VCID-mftz-nzj1-hudz","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4063","reference_id":"","reference_type":"","scores":[{"value":"0.02887","scoring_system":"epss","scoring_elements":"0.86551","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4063"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463203","reference_id":"463203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063","reference_id":"CVE-2008-4063","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mftz-nzj1-hudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2236?format=json","vulnerability_id":"VCID-mh43-ax68-gkhz","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4180","reference_id":"","reference_type":"","scores":[{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92957","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180","reference_id":"CVE-2012-4180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4180"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh43-ax68-gkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2852?format=json","vulnerability_id":"VCID-mj22-p5cg-43c3","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2364","reference_id":"","reference_type":"","scores":[{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86331","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364","reference_id":"CVE-2011-2364","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2364"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj22-p5cg-43c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2833?format=json","vulnerability_id":"VCID-mm8q-zcef-e3g1","summary":"sczimmer reported that Firefox crashed when loading\na particular .ogg file. This was due to a use-after-free\ncondition and could potentially be exploited to install malware.\nThis vulnerability does not affect Firefox 3.6 or earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3005","reference_id":"","reference_type":"","scores":[{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89071","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005","reference_id":"CVE-2011-3005","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-44","reference_id":"mfsa2011-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-44"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3005"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm8q-zcef-e3g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2786?format=json","vulnerability_id":"VCID-mmc8-9gbv-fbat","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0070","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.88824","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700640","reference_id":"700640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070","reference_id":"CVE-2011-0070","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmc8-9gbv-fbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2158?format=json","vulnerability_id":"VCID-mmw9-8yss-vke8","summary":"Security researcher Ilja van Sprundel of IOActive\nreported that the Content-Disposition: attachment HTTP\nheader was ignored when Content-Type: multipart was also\npresent.  This issue could potentially lead to XSS problems in sites\nthat allow users to upload arbitrary files and specify a Content-Type\nbut rely on Content-Disposition: attachment to prevent\nthe content from being displayed inline.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1197","reference_id":"","reference_type":"","scores":[{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77638","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590850","reference_id":"590850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197","reference_id":"CVE-2010-1197","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-32","reference_id":"mfsa2010-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmw9-8yss-vke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2239?format=json","vulnerability_id":"VCID-ms5v-jk9f-dkbd","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4183","reference_id":"","reference_type":"","scores":[{"value":"0.02721","scoring_system":"epss","scoring_elements":"0.86181","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183","reference_id":"CVE-2012-4183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5v-jk9f-dkbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2598?format=json","vulnerability_id":"VCID-n4t4-2b9j-hqa1","summary":"Mozilla add-on developer and community member Wladimir\nPalant reported broken functionality on pages that had a\nLink: HTTP header when an add-on was installed\nwhich implemented a Content Policy in JavaScript, such\nas AdBlock Plus or NoScript.  Mozilla security\nresearcher moz_bug_r_a4 demonstrated that the broken\nfunctionality was due to the window's global object\nreceiving an incorrect security wrapper and that this issue could be\nused to execute arbitrary JavaScript with chrome privileges.This vulnerability does not affect Firefox\nprior to version 3.5","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2665","reference_id":"","reference_type":"","scores":[{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80476","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665","reference_id":"CVE-2009-2665","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-46","reference_id":"mfsa2009-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2665"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4t4-2b9j-hqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2283?format=json","vulnerability_id":"VCID-n5sw-3tyh-nbcm","summary":"Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4205","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.7427","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877625","reference_id":"877625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205","reference_id":"CVE-2012-4205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97","reference_id":"mfsa2012-97","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5sw-3tyh-nbcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2655?format=json","vulnerability_id":"VCID-n5xr-5qvw-2yah","summary":"Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree\nmethod _moveToEdgeShift was in some cases triggering\ngarbage collection routines on objects which were still in use.  In\nsuch cases, the browser would crash when attempting to access a\npreviously destroyed object and this crash could be used by an\nattacker to run arbitrary code on a victim's computer.This vulnerability was used by the reporter to win the\n2009 CanSecWest Pwn2Own contest.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1044","reference_id":"","reference_type":"","scores":[{"value":"0.07842","scoring_system":"epss","scoring_elements":"0.92112","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1044"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=492212","reference_id":"492212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=492212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044","reference_id":"CVE-2009-1044","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-13","reference_id":"mfsa2009-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0397","reference_id":"RHSA-2009:0397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0398","reference_id":"RHSA-2009:0398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0398"},{"reference_url":"https://usn.ubuntu.com/745-1/","reference_id":"USN-745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5xr-5qvw-2yah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2353?format=json","vulnerability_id":"VCID-n747-sujq-tqgf","summary":"Mozilla community member Daniel Glazman of Disruptive\nInnovations reported a crash when accessing a keyframe's cssText after dynamic\nmodification. This crash may be potentially exploitable.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0459","reference_id":"","reference_type":"","scores":[{"value":"0.03436","scoring_system":"epss","scoring_elements":"0.87683","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803112","reference_id":"803112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459","reference_id":"CVE-2012-0459","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17","reference_id":"mfsa2012-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0459"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n747-sujq-tqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2221?format=json","vulnerability_id":"VCID-n7vg-xm1u-qkcq","summary":"Security researcher Mark Poticha reported an issue where\nincorrect SSL certificate information can be displayed on the addressbar,\nshowing the SSL data for a previous site while another has been loaded. This is\ncaused by two onLocationChange events being fired out of the expected order,\nleading to the displayed certificate data to not be updated. This can be used\nfor phishing attacks by allowing the user to input form or other data on a\nnewer, attacking, site while the credentials of an older site appear on the\naddressbar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3976","reference_id":"","reference_type":"","scores":[{"value":"0.00776","scoring_system":"epss","scoring_elements":"0.73923","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3976"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851931","reference_id":"851931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976","reference_id":"CVE-2012-3976","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-69","reference_id":"mfsa2012-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3976"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7vg-xm1u-qkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2230?format=json","vulnerability_id":"VCID-n9a3-1qv2-6yfw","summary":"Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4192","reference_id":"","reference_type":"","scores":[{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75469","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=865283","reference_id":"865283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=865283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192","reference_id":"CVE-2012-4192","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89","reference_id":"mfsa2012-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89"},{"reference_url":"https://usn.ubuntu.com/1608-1/","reference_id":"USN-1608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1608-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4192"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9a3-1qv2-6yfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88963?format=json","vulnerability_id":"VCID-najm-etj8-sffz","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1994","reference_id":"","reference_type":"","scores":[{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70247","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1994"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1994"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-najm-etj8-sffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2454?format=json","vulnerability_id":"VCID-ncyn-54s5-yqcw","summary":"ling and wushi of team509, via\nTippingPoint's Zero Day Initiative program, reported a flaw in part of\nMozilla's DOM constructing code.  This vulnerability can be exploited\nby modifying certain properties of a file input element before it has\nfinished initializing.  When the blur method of the\nmodified input element is called, uninitialized memory is accessed by\nthe browser, resulting in a crash.  This crash may be used by an\nattacker to run arbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5021","reference_id":"","reference_type":"","scores":[{"value":"0.23762","scoring_system":"epss","scoring_elements":"0.96097","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5021"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470894","reference_id":"470894","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021","reference_id":"CVE-2008-5021","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-55","reference_id":"mfsa2008-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5021"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncyn-54s5-yqcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2866?format=json","vulnerability_id":"VCID-nd55-spy5-9qau","summary":"Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0073","reference_id":"","reference_type":"","scores":[{"value":"0.81161","scoring_system":"epss","scoring_elements":"0.99184","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700619","reference_id":"700619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073","reference_id":"CVE-2011-0073","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip","reference_id":"CVE-2011-0073;OSVDB-72087","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb","reference_id":"CVE-2011-0073;OSVDB-72087","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-11-157/","reference_id":"CVE-2011-0073;OSVDB-72087","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-157/"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13","reference_id":"mfsa2011-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0073"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nd55-spy5-9qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2321?format=json","vulnerability_id":"VCID-nesy-7bkx-87ax","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3957","reference_id":"","reference_type":"","scores":[{"value":"0.02961","scoring_system":"epss","scoring_elements":"0.86719","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957","reference_id":"CVE-2012-3957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nesy-7bkx-87ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73917?format=json","vulnerability_id":"VCID-nf5h-hc8m-gyax","summary":"Seamonkey: NULL pointer dereference in GIF decoder","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3978","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71852","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3978"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=547292","reference_id":"547292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=547292"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3978"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf5h-hc8m-gyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=json","vulnerability_id":"VCID-nhbn-aqde-vue5","summary":"Mozilla cryptographer Nelson Bolyard reported that\nthe SSL implementation was permitting servers to use Diffie-Hellman\nEphemeral mode (DHE) with too short of a minimum key length.  DHE keys\nof such lengths are trivially breakable on modern hardware so SSL\nservers operating in this mode were providing very little effective\nsecurity for their clients.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3173","reference_id":"","reference_type":"","scores":[{"value":"0.02315","scoring_system":"epss","scoring_elements":"0.85043","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3173"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642302","reference_id":"642302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173","reference_id":"CVE-2010-3173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-72","reference_id":"mfsa2010-72","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-72"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://usn.ubuntu.com/1007-1/","reference_id":"USN-1007-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1007-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbn-aqde-vue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2444?format=json","vulnerability_id":"VCID-nhpz-urjv-bfet","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects.  moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object.  These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4060","reference_id":"","reference_type":"","scores":[{"value":"0.02018","scoring_system":"epss","scoring_elements":"0.84036","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463198","reference_id":"463198","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060","reference_id":"CVE-2008-4060","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41","reference_id":"mfsa2008-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4060"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhpz-urjv-bfet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2348?format=json","vulnerability_id":"VCID-nkdg-ez7k-7qdh","summary":"Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1940","reference_id":"","reference_type":"","scores":[{"value":"0.03035","scoring_system":"epss","scoring_elements":"0.86893","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843","reference_id":"827843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940","reference_id":"CVE-2012-1940","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40","reference_id":"mfsa2012-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1940"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkdg-ez7k-7qdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88960?format=json","vulnerability_id":"VCID-nnck-qb21-3ueg","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5074","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39132","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5074"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-5074"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnck-qb21-3ueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2119?format=json","vulnerability_id":"VCID-nqeq-nees-u3dk","summary":"Security researcher Paul Stone reported that when\nan HTML selection containing JavaScript is copy-and-pasted or dropped\nonto a document with designMode enabled the JavaScript will be\nexecuted within the context of the site where the code was dropped.  A\nmalicious site could leverage this issue in an XSS attack by\npersuading a user into taking such an action and in the process\nrunning malicious JavaScript within the context of another site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2769","reference_id":"","reference_type":"","scores":[{"value":"0.01267","scoring_system":"epss","scoring_elements":"0.79772","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630075","reference_id":"630075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769","reference_id":"CVE-2010-2769","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-62","reference_id":"mfsa2010-62","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqeq-nees-u3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2620?format=json","vulnerability_id":"VCID-nwhc-qysh-3qfk","summary":"Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry.  A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3987","reference_id":"","reference_type":"","scores":[{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.74547","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3987"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546729","reference_id":"546729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987","reference_id":"CVE-2009-3987","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-71","reference_id":"mfsa2009-71","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3987"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwhc-qysh-3qfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2623?format=json","vulnerability_id":"VCID-nwkn-p5sh-jbhk","summary":"Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar.  This whitespace\ncould be used to force part of the URL out of view in the location\nbar.  An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1834","reference_id":"","reference_type":"","scores":[{"value":"0.11374","scoring_system":"epss","scoring_elements":"0.9367","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1834"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503573","reference_id":"503573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834","reference_id":"CVE-2009-1834","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt","reference_id":"CVE-2009-1834;OSVDB-55162","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt"},{"reference_url":"https://www.securityfocus.com/bid/35388/info","reference_id":"CVE-2009-1834;OSVDB-55162","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35388/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-25","reference_id":"mfsa2009-25","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwkn-p5sh-jbhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2862?format=json","vulnerability_id":"VCID-nxgs-2jdy-sbbp","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements.  If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.  This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2363","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87676","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581","reference_id":"714581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363","reference_id":"CVE-2011-2363","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23","reference_id":"mfsa2011-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2363"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxgs-2jdy-sbbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=json","vulnerability_id":"VCID-nyu8-zhfr-ubhx","summary":"Security researcher Haifei Li of FortiGuard Labs\nreported that Firefox could be used to load a malicious code library\nthat had been planted on a victim's computer.  Firefox attempts to\nload dwmapi.dll upon startup as part of its platform detection, so on\nsystems that don't have this library, such as Windows XP, Firefox will\nsubsequently attempt to load the library from the current working\ndirectory. An attacker could use this vulnerability to trick a user\ninto downloading a HTML file and a malicious copy of dwmapi.dll into\nthe same directory on their computer and opening the HTML file with\nFirefox, thus causing the malicious code to be executed.  If the\nattacker was on the same network as the victim, the malicious DLL\ncould also be loaded via a UNC path. This DLL is only loaded at\nstartup so a successful attack requires that Firefox not currently\nbe running when it is asked to open the HTML\nfile and accompanying DLL.This issue was also independently reported to Mozilla\nby Acros Security.  After the issue became public a\nnumber of other community members contacted Mozilla to report the\nissue.Firefox users on Windows Vista or Windows 7\nwere not vulnerable to this attack because dwmapi.dll is part\nof the OS in Vista and later versions and the legitimate copy\nis successfully loaded by\nFirefox before attempting to load the planted DLL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3131","reference_id":"","reference_type":"","scores":[{"value":"0.10225","scoring_system":"epss","scoring_elements":"0.93263","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131","reference_id":"CVE-2010-3131","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c","reference_id":"CVE-2010-3131;OSVDB-67502","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c","reference_id":"CVE-2010-3131;OSVDB-67502","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-52","reference_id":"mfsa2010-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyu8-zhfr-ubhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=json","vulnerability_id":"VCID-p51y-by4w-qyd7","summary":"An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, reported that the columns of a XUL tree element could be\nmanipulated in a particular way which would leave a pointer owned by\nthe column pointing to freed memory.  An attacker could potentially\nuse this vulnerability to crash a victim's browser and run arbitrary\ncode on the victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3077","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.903","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521693","reference_id":"521693","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077","reference_id":"CVE-2009-3077","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-49","reference_id":"mfsa2009-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3077"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p51y-by4w-qyd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=json","vulnerability_id":"VCID-p5zn-r2n7-8ugt","summary":"Security researcher Paul Stone reported an attack where an\nHTML page hosted on a Windows share and then loaded could then load Windows\nshortcut files (.lnk) in the same share. These shortcut files could then link to\narbitrary locations on the local file system of the individual loading the HTML\npage. That page could show the contents of these linked files or directories\nfrom the local file system in an iframe, causing information disclosure.\nThis issue could potentially affect Linux machines with samba\nshares enabled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1945","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40971","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1945"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827831","reference_id":"827831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945","reference_id":"CVE-2012-1945","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-37","reference_id":"mfsa2012-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1945"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p5zn-r2n7-8ugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2393?format=json","vulnerability_id":"VCID-p6xe-qepz-7kez","summary":"Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. This can be combined with other issues to become potentially\nexploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3978","reference_id":"","reference_type":"","scores":[{"value":"0.01292","scoring_system":"epss","scoring_elements":"0.79982","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3978"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851937","reference_id":"851937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978","reference_id":"CVE-2012-3978","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-70","reference_id":"mfsa2012-70","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3978"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6xe-qepz-7kez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2278?format=json","vulnerability_id":"VCID-pc3m-3w52-9yb1","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1951","reference_id":"","reference_type":"","scores":[{"value":"0.03397","scoring_system":"epss","scoring_elements":"0.87612","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1951"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951","reference_id":"CVE-2012-1951","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1951"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc3m-3w52-9yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2579?format=json","vulnerability_id":"VCID-pgt7-k439-dyby","summary":"Security researcher PenPal reported a crash\ninvolving a SVG element on which a watch function\nand __defineSetter__ function have been set for a\nparticular property.  The crash showed evidence of memory corruption\nand could potentially be used by an attacker to run arbitrary code on\na victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2469","reference_id":"","reference_type":"","scores":[{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512142","reference_id":"512142","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469","reference_id":"CVE-2009-2469","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-37","reference_id":"mfsa2009-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2469"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgt7-k439-dyby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2804?format=json","vulnerability_id":"VCID-pgty-eyet-87gt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2985","reference_id":"","reference_type":"","scores":[{"value":"0.06676","scoring_system":"epss","scoring_elements":"0.9137","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985","reference_id":"CVE-2011-2985","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgty-eyet-87gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2335?format=json","vulnerability_id":"VCID-phx6-pmuh-8bdr","summary":"Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0456","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74253","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116","reference_id":"803116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456","reference_id":"CVE-2012-0456","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14","reference_id":"mfsa2012-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0456"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phx6-pmuh-8bdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2863?format=json","vulnerability_id":"VCID-phyz-e3br-qffu","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements.  If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.  This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0085","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87676","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0085"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581","reference_id":"714581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085","reference_id":"CVE-2011-0085","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23","reference_id":"mfsa2011-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0085"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phyz-e3br-qffu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2116?format=json","vulnerability_id":"VCID-pkky-dzgj-2qay","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are inserted into a XUL\ntree <optgroup>.  In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used.  An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0176","reference_id":"","reference_type":"","scores":[{"value":"0.05361","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578150","reference_id":"578150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176","reference_id":"CVE-2010-0176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18","reference_id":"mfsa2010-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0176"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkky-dzgj-2qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2182?format=json","vulnerability_id":"VCID-pq8y-auvb-mkgw","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3777","reference_id":"","reference_type":"","scores":[{"value":"0.06912","scoring_system":"epss","scoring_elements":"0.91532","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660415","reference_id":"660415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777","reference_id":"CVE-2010-3777","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74","reference_id":"mfsa2010-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0969","reference_id":"RHSA-2010:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0969"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3777"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq8y-auvb-mkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2358?format=json","vulnerability_id":"VCID-ps3u-nesw-myaw","summary":"Security researcher Mario Gomes andresearch firm\nCode Audit Labs reported a mechanism to short-circuit page\nloads through drag and drop to the addressbar by canceling the page load. This\ncauses the address of the previously site entered to be displayed in the\naddressbar instead of the currently loaded page. This could lead to potential\nphishing attacks on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1950","reference_id":"","reference_type":"","scores":[{"value":"0.02775","scoring_system":"epss","scoring_elements":"0.86295","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840203","reference_id":"840203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950","reference_id":"CVE-2012-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43","reference_id":"mfsa2012-43","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1950"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ps3u-nesw-myaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=json","vulnerability_id":"VCID-ptfk-cy8g-wyef","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2991","reference_id":"","reference_type":"","scores":[{"value":"0.07005","scoring_system":"epss","scoring_elements":"0.91598","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991","reference_id":"CVE-2011-2991","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2991"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptfk-cy8g-wyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88954?format=json","vulnerability_id":"VCID-pwuc-1qfh-wue2","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2043","reference_id":"","reference_type":"","scores":[{"value":"0.03735","scoring_system":"epss","scoring_elements":"0.88197","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2043"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt","reference_id":"CVE-2009-2043;OSVDB-55197","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt"},{"reference_url":"https://www.securityfocus.com/bid/35413/info","reference_id":"CVE-2009-2043;OSVDB-55197","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35413/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2043"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwuc-1qfh-wue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2129?format=json","vulnerability_id":"VCID-q19p-umh9-rydp","summary":"Security researcher wushi of team509 reported a\nheap buffer overflow in code routines responsible for transforming\ntext runs.  A page could be constructed with a bidirectional text run\nwhich upon reflow could result in an incorrect length being calculated\nfor the run of text.  When this value is subsequently used to allocate\nmemory for the text too small a buffer may be created potentially\nresulting in a buffer overflow and the execution of attacker\ncontrolled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3166","reference_id":"","reference_type":"","scores":[{"value":"0.05962","scoring_system":"epss","scoring_elements":"0.90793","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3166"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630061","reference_id":"630061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630061"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166","reference_id":"CVE-2010-3166","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-53","reference_id":"mfsa2010-53","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3166"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q19p-umh9-rydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2361?format=json","vulnerability_id":"VCID-q3gb-89sm-8yc3","summary":"Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the \"~\" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4207","reference_id":"","reference_type":"","scores":[{"value":"0.01278","scoring_system":"epss","scoring_elements":"0.79872","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4207"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877629","reference_id":"877629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207","reference_id":"CVE-2012-4207","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101","reference_id":"mfsa2012-101","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3gb-89sm-8yc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2346?format=json","vulnerability_id":"VCID-q4xw-urcg-83bw","summary":"Mozilla developer Matt Brubeck reported that\nwindow.fullScreen is writeable by untrusted content now that the DOM fullscreen\nAPI is enabled. Because window.fullScreen does not include\nmozRequestFullscreen's security protections, it could be used for UI spoofing.\nThis code change makes window.fullScreen read only by untrusted content, forcing\nthe use of the DOM fullscreen API in normal usage.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0460","reference_id":"","reference_type":"","scores":[{"value":"0.01798","scoring_system":"epss","scoring_elements":"0.83093","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0460"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803111","reference_id":"803111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460","reference_id":"CVE-2012-0460","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18","reference_id":"mfsa2012-18","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0460"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4xw-urcg-83bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2654?format=json","vulnerability_id":"VCID-q8zq-w7zs-h3gp","summary":"Moxie Marlinspike reported a heap overflow vulnerability\nin the code that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary code\nby presenting a specially crafted certificate to the client. This code\nprovided compatibility with the non-standard regular expression syntax\nhistorically supported by Netscape clients and servers. With version 3.5\nFirefox switched to the more limited industry-standard wildcard syntax\ninstead and is not vulnerable to this flaw.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2404","reference_id":"","reference_type":"","scores":[{"value":"0.21024","scoring_system":"epss","scoring_elements":"0.9574","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2404"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512912","reference_id":"512912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512912"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934","reference_id":"539934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404","reference_id":"CVE-2009-2404","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-43","reference_id":"mfsa2009-43","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1184","reference_id":"RHSA-2009:1184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1185","reference_id":"RHSA-2009:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1186","reference_id":"RHSA-2009:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1190","reference_id":"RHSA-2009:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1207","reference_id":"RHSA-2009:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1207"},{"reference_url":"https://usn.ubuntu.com/810-1/","reference_id":"USN-810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2404"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8zq-w7zs-h3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2398?format=json","vulnerability_id":"VCID-qemc-854g-kfgx","summary":"Mozilla security researcher moz_bug_r_a4 reported\nan additional variation on the feed preview vulnerabilities\nfixed in Firefox 2.0.0.17.\nmoz_bug_r_a4 demonstrated that it was still possible to\nuse the feed preview as a vector for JavaScript privilege escalation.\nAn attacker could use this issue to run arbitrary JavaScript with\nchrome privileges.Firefox 3 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5504","reference_id":"","reference_type":"","scores":[{"value":"0.03153","scoring_system":"epss","scoring_elements":"0.87121","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5504"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476273","reference_id":"476273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504","reference_id":"CVE-2008-5504","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-62","reference_id":"mfsa2008-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5504"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qemc-854g-kfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2821?format=json","vulnerability_id":"VCID-qfe3-wddm-c7ee","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2378","reference_id":"","reference_type":"","scores":[{"value":"0.04955","scoring_system":"epss","scoring_elements":"0.89808","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2378"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730521","reference_id":"730521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378","reference_id":"CVE-2011-2378","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1166","reference_id":"RHSA-2011:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1166"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfe3-wddm-c7ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2389?format=json","vulnerability_id":"VCID-qg3e-xxn8-eqc5","summary":"Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5836","reference_id":"","reference_type":"","scores":[{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80588","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5836"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877617","reference_id":"877617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836","reference_id":"CVE-2012-5836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94","reference_id":"mfsa2012-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qg3e-xxn8-eqc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2585?format=json","vulnerability_id":"VCID-qj9j-vc8m-1uhp","summary":"Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document.  An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2654","reference_id":"","reference_type":"","scores":[{"value":"0.13196","scoring_system":"epss","scoring_elements":"0.94247","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521311","reference_id":"521311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654","reference_id":"CVE-2009-2654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html","reference_id":"CVE-2009-2654;OSVDB-56717","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html"},{"reference_url":"https://www.securityfocus.com/bid/35803/info","reference_id":"CVE-2009-2654;OSVDB-56717","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35803/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-44","reference_id":"mfsa2009-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://usn.ubuntu.com/811-1/","reference_id":"USN-811-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/811-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2654"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qj9j-vc8m-1uhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2342?format=json","vulnerability_id":"VCID-qkw1-m8aa-2qgn","summary":"Security researcher Jeroen van der Gun reported that if RSS\nor Atom XML invalid content is loaded over HTTPS, the addressbar updates to\ndisplay the new location of the loaded resource, including SSL indicators, while\nthe main window still displays the previously loaded content. This allows for\nphishing attacks where a malicious page can spoof the identify of another\nseemingly secure site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0479","reference_id":"","reference_type":"","scores":[{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.7391","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815044","reference_id":"815044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479","reference_id":"CVE-2012-0479","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33","reference_id":"mfsa2012-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0479"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkw1-m8aa-2qgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2784?format=json","vulnerability_id":"VCID-qmh7-fvnc-tqhn","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0081","reference_id":"","reference_type":"","scores":[{"value":"0.04704","scoring_system":"epss","scoring_elements":"0.89531","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0081"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700676","reference_id":"700676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081","reference_id":"CVE-2011-0081","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0081"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmh7-fvnc-tqhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=json","vulnerability_id":"VCID-qn4t-s1ek-vkcm","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that\nwhen window.__lookupGetter__ is called with no arguments\nthe code assumes the top JavaScript stack value is a property name.\nSince there were no arguments passed into the function, the top value\ncould represent uninitialized memory or a pointer to a previously\nfreed JavaScript object.  Under such circumstances the value is passed\nto another subroutine which calls through the dangling pointer,\npotentially executing attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3183","reference_id":"","reference_type":"","scores":[{"value":"0.06976","scoring_system":"epss","scoring_elements":"0.91578","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642286","reference_id":"642286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183","reference_id":"CVE-2010-3183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67","reference_id":"mfsa2010-67","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4t-s1ek-vkcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2374?format=json","vulnerability_id":"VCID-qns8-fjf9-13fr","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0468","reference_id":"","reference_type":"","scores":[{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85486","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0468"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000","reference_id":"815000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468","reference_id":"CVE-2012-0468","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20","reference_id":"mfsa2012-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0468"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qns8-fjf9-13fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=json","vulnerability_id":"VCID-qtwn-s22a-zufy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2986","reference_id":"","reference_type":"","scores":[{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59674","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986","reference_id":"CVE-2011-2986","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtwn-s22a-zufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2583?format=json","vulnerability_id":"VCID-qwt7-qwnt-5qan","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat a chrome XBL method can be used in conjunction\nwith window.eval to execute arbitrary JavaScript within\nthe context of another website, violating the same origin policy.Firefox 2 releases are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0354","reference_id":"","reference_type":"","scores":[{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.7416","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483142","reference_id":"483142","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354","reference_id":"CVE-2009-0354","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-02","reference_id":"mfsa2009-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0354"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwt7-qwnt-5qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2131?format=json","vulnerability_id":"VCID-qyxv-c1m4-pbc7","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2753","reference_id":"","reference_type":"","scores":[{"value":"0.04086","scoring_system":"epss","scoring_elements":"0.88754","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615466","reference_id":"615466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753","reference_id":"CVE-2010-2753","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40","reference_id":"mfsa2010-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54","reference_id":"mfsa2010-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2753"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyxv-c1m4-pbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2844?format=json","vulnerability_id":"VCID-qzad-6448-1qcf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2993","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58557","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993","reference_id":"CVE-2011-2993","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2993"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzad-6448-1qcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73584?format=json","vulnerability_id":"VCID-r1w6-3h83-eue3","summary":"webkit: stylesheet URL property leaks redirection target","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0648","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63479","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0648"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=568170","reference_id":"568170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=568170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0648"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1w6-3h83-eue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2611?format=json","vulnerability_id":"VCID-r4hv-qrsj-77gz","summary":"Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files.  In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3372","reference_id":"","reference_type":"","scores":[{"value":"0.02124","scoring_system":"epss","scoring_elements":"0.84429","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530155","reference_id":"530155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372","reference_id":"CVE-2009-3372","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55","reference_id":"mfsa2009-55","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3372"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4hv-qrsj-77gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2830?format=json","vulnerability_id":"VCID-r8vx-y8mz-hqcu","summary":"Security researcher Mario Heiderich reported it was\npossible to use SVG animation accessKey events to detect\nkey strokes even when JavaScript was disabled. Since web pages can normally\ndetect key events through script and most users have scripting enabled this\ndoes not present a risk for most users. In contexts where the user knows\nscripting is disabled (reading mail, for example, or NoScript users) this\ncould allow a malicious web page to fool a user into interacting with\na prompt thinking it came from the browser or mail program.\n\nAccessing remote content is disabled by default When reading mail in\nThunderbird and SeaMonkey. Successfully capturing keystrokes remotely would\nrequire some social engineering to convince the user to turn it on.\n\nSVG animation is not supported in Thunderbird 3.1 or Firefox 3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3663","reference_id":"","reference_type":"","scores":[{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.76787","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3663"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663","reference_id":"CVE-2011-3663","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56","reference_id":"mfsa2011-56","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8vx-y8mz-hqcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2153?format=json","vulnerability_id":"VCID-rb1h-hqfc-hkfq","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2463","reference_id":"","reference_type":"","scores":[{"value":"0.04113","scoring_system":"epss","scoring_elements":"0.88792","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2463"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512131","reference_id":"512131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463","reference_id":"CVE-2009-2463","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2463"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rb1h-hqfc-hkfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2823?format=json","vulnerability_id":"VCID-rd8u-nbex-d7hp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2984","reference_id":"","reference_type":"","scores":[{"value":"0.01538","scoring_system":"epss","scoring_elements":"0.81655","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2984"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730522","reference_id":"730522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984","reference_id":"CVE-2011-2984","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8u-nbex-d7hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2656?format=json","vulnerability_id":"VCID-reea-m7yc-47e8","summary":"Mozilla contributor Masahiro Yamada reported that\ncertain invisible control characters were being decoded when displayed\nin the location bar, resulting in fewer visible characters than were\npresent in the actual location.  An attacker could use this\nvulnerability to spoof the location bar and display a misleading URL\nfor their malicious web page.The initial version of this advisory incorrectly listed\nThunderbird and SeaMonkey as affected products. Firefox is the only\nproduct affected by this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0777","reference_id":"","reference_type":"","scores":[{"value":"0.02024","scoring_system":"epss","scoring_elements":"0.84061","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488292","reference_id":"488292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488292"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777","reference_id":"CVE-2009-0777","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-11","reference_id":"mfsa2009-11","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0777"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-reea-m7yc-47e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2228?format=json","vulnerability_id":"VCID-reun-f46b-skb1","summary":"Bugzilla developer Frédéric Buclin reported that the\n\"X-Frame-Options header is ignored when the value is duplicated,\nfor example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This\nduplication occurs for unknown reasons on some websites and when it occurs\nresults in Mozilla browsers not being protected against possible clickjacking\nattacks on those pages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1961","reference_id":"","reference_type":"","scores":[{"value":"0.01172","scoring_system":"epss","scoring_elements":"0.78994","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840214","reference_id":"840214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961","reference_id":"CVE-2012-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51","reference_id":"mfsa2012-51","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-reun-f46b-skb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70678?format=json","vulnerability_id":"VCID-rghv-fe21-w3h2","summary":"Mozilla: Select element persistance allows for attacks (MFSA 2012-75)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5354","reference_id":"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75764","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616","reference_id":"863616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5354"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rghv-fe21-w3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2284?format=json","vulnerability_id":"VCID-rhhn-tqga-gqea","summary":"Security researcher Mariusz Mlynski reported that the\nlocation property can be accessed by binary plugins through\ntop.location and top can be shadowed by\nObject.defineProperty as well. This can allow for possible\ncross-site scripting (XSS) attacks through plugins.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3994","reference_id":"","reference_type":"","scores":[{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.76383","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3994"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863622","reference_id":"863622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994","reference_id":"CVE-2012-3994","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-82","reference_id":"mfsa2012-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3994"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhhn-tqga-gqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74250?format=json","vulnerability_id":"VCID-rhmg-v6z6-kfau","summary":"Thunderbird: DoS via large length property of a Select object","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2535","reference_id":"","reference_type":"","scores":[{"value":"0.08242","scoring_system":"epss","scoring_elements":"0.92347","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512909","reference_id":"512909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512909"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt","reference_id":"OSVDB-56253;CVE-2009-2535","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2535"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmg-v6z6-kfau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2666?format=json","vulnerability_id":"VCID-rrat-t5xc-4qdr","summary":"Jakob Balle and Carsten Eiram of\nSecunia Research reported a race condition\nin NPObjWrapper_NewResolve when accessing the properties\nof a NPObject, a wrapped JSObject.  Balle\nand Eiram demonstrated that this condition could be reached by\nnavigating away from a web page during the loading of a Java applet.\nUnder such conditions the Java object would be destroyed but later\ncalled into resulting in a free memory read. It might be possible\nfor an attacker to write to the freed memory before it is reused and run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2 nor other\nproducts built using the \"Gecko 1.8\" version of Mozilla code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1837","reference_id":"","reference_type":"","scores":[{"value":"0.02184","scoring_system":"epss","scoring_elements":"0.84638","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503579","reference_id":"503579","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837","reference_id":"CVE-2009-1837","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-28","reference_id":"mfsa2009-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrat-t5xc-4qdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2376?format=json","vulnerability_id":"VCID-rt45-ac3f-xqau","summary":"Mozilla security researcher Mark Goodwin discovered an issue\nwith the Firefox developer tools' debugger. If remote debugging is disabled, but\nthe experimental HTTPMonitor extension has been installed and enabled, a remote\nuser can connect to and use the remote debugging service through the port used\nby HTTPMonitor. A remote-enabled flag has been added to resolve\nthis problem and close the port unless debugging is explicitly enabled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3973","reference_id":"","reference_type":"","scores":[{"value":"0.03046","scoring_system":"epss","scoring_elements":"0.8691","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851925","reference_id":"851925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973","reference_id":"CVE-2012-3973","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-66","reference_id":"mfsa2012-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-66"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3973"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rt45-ac3f-xqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2194?format=json","vulnerability_id":"VCID-rvf4-88af-f7ga","summary":"Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument.  The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext.  The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate.  A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1206","reference_id":"","reference_type":"","scores":[{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64404","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1206"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=608763","reference_id":"608763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=608763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206","reference_id":"CVE-2010-1206","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45","reference_id":"mfsa2010-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvf4-88af-f7ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2301?format=json","vulnerability_id":"VCID-rxnh-fjyt-cyab","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4212","reference_id":"","reference_type":"","scores":[{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81612","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877942","reference_id":"877942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212","reference_id":"CVE-2012-4212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4212"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxnh-fjyt-cyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2645?format=json","vulnerability_id":"VCID-rzj8-31mb-ebf8","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0774","reference_id":"","reference_type":"","scores":[{"value":"0.0746","scoring_system":"epss","scoring_elements":"0.91881","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488283","reference_id":"488283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774","reference_id":"CVE-2009-0774","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"},{"reference_url":"https://usn.ubuntu.com/728-2/","reference_id":"USN-728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-2/"},{"reference_url":"https://usn.ubuntu.com/728-3/","reference_id":"USN-728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-3/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0774"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzj8-31mb-ebf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2667?format=json","vulnerability_id":"VCID-s1mt-2tfz-skfw","summary":"Paul Nel reported that certain HTTP directives to\nnot cache web pages, Cache-Control: no-store and Cache-Control:\nno-cache for HTTPS pages, were being ignored by Firefox 3.  On a\nshared system, applications relying upon these HTTP directives could\npotentially expose private data.  Another user on the system could use\nthis vulnerability to view improperly cached pages containing private\ndata by navigating the browser back.Firefox 2 releases are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0358","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40971","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0358"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483150","reference_id":"483150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358","reference_id":"CVE-2009-0358","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-06","reference_id":"mfsa2009-06","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1mt-2tfz-skfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2864?format=json","vulnerability_id":"VCID-s1nm-cdq2-nqec","summary":"Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0065","reference_id":"","reference_type":"","scores":[{"value":"0.83259","scoring_system":"epss","scoring_elements":"0.99284","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700658","reference_id":"700658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065","reference_id":"CVE-2011-0065","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13","reference_id":"mfsa2011-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0065"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1nm-cdq2-nqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2861?format=json","vulnerability_id":"VCID-s27c-6ahy-gbgd","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements.  If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.  This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0083","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87676","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581","reference_id":"714581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083","reference_id":"CVE-2011-0083","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23","reference_id":"mfsa2011-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0083"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s27c-6ahy-gbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2392?format=json","vulnerability_id":"VCID-s4v8-msj6-j3dw","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute\ncan be accessed under certain circumstances because of a premature notification\nof AttributeChildRemoved. This use-after-free of the child nodes could possibly\nallow for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3659","reference_id":"","reference_type":"","scores":[{"value":"0.72536","scoring_system":"epss","scoring_elements":"0.98791","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3659"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=786258","reference_id":"786258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=786258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659","reference_id":"CVE-2011-3659","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb","reference_id":"CVE-2011-3659;OSVDB-78736","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413","reference_id":"CVE-2011-3659;OSVDB-78736","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04","reference_id":"mfsa2012-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3659"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4v8-msj6-j3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2660?format=json","vulnerability_id":"VCID-s4x4-jhdq-efan","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1303","reference_id":"","reference_type":"","scores":[{"value":"0.02802","scoring_system":"epss","scoring_elements":"0.86364","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1303"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496253","reference_id":"496253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303","reference_id":"CVE-2009-1303","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1303"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4x4-jhdq-efan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2475?format=json","vulnerability_id":"VCID-s6mw-fa6n-wyeh","summary":"Security researcher Luke Bryan reported that file:\nURIs are given chrome privileges when opened in the same tab as a\nchrome page or privileged about: page.  This vulnerability could be\nused by an attacker to run arbitrary JavaScript with chrome\nprivileges.  The severity of this issue was determined to be moderate\nas it requires an attacker to have malicious code saved locally, then\nhave a user open a chrome: document or privileged about: URI, and then\nopen the malicious file in the same privileged tab.Firefox 2 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5015","reference_id":"","reference_type":"","scores":[{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90557","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5015"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470876","reference_id":"470876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015","reference_id":"CVE-2008-5015","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-51","reference_id":"mfsa2008-51","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6mw-fa6n-wyeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2347?format=json","vulnerability_id":"VCID-s9rz-eera-tbhz","summary":"Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1947","reference_id":"","reference_type":"","scores":[{"value":"0.06784","scoring_system":"epss","scoring_elements":"0.9145","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843","reference_id":"827843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947","reference_id":"CVE-2012-1947","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40","reference_id":"mfsa2012-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1947"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rz-eera-tbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2366?format=json","vulnerability_id":"VCID-sf66-zf27-cugn","summary":"Mozilla developer Tim Abraldes reported that when encoding\nimages as image/vnd.microsoft.icon the resulting data was always a\nfixed size, with uninitialized memory appended as padding beyond the size of the\nactual image. This is the result of mImageBufferSize in the encoder being\ninitialized with a value different than the size of the source image. There is\nthe possibility of sensitive data from uninitialized memory being appended to a\nPNG image when converted from an ICO format image. This sensitive data may then\nbe disclosed in the resulting image.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0447","reference_id":"","reference_type":"","scores":[{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69773","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447","reference_id":"CVE-2012-0447","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-06","reference_id":"mfsa2012-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-06"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0447"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf66-zf27-cugn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2187?format=json","vulnerability_id":"VCID-sgvb-u7qc-57bx","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that the implementation of XUL\n<tree>'s content view contains a dangling pointer vulnerability.\nOne of the content view's methods for accessing the internal structure\nof the tree could be manipulated into removing a node prior to\naccessing it, resulting in the accessing of deleted memory.  If an\nattacker can control the contents of the deleted memory prior to its\naccess they could use this vulnerability to run arbitrary code on a\nvictim's machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3167","reference_id":"","reference_type":"","scores":[{"value":"0.05398","scoring_system":"epss","scoring_elements":"0.90265","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630067","reference_id":"630067","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630067"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167","reference_id":"CVE-2010-3167","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56","reference_id":"mfsa2010-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgvb-u7qc-57bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2122?format=json","vulnerability_id":"VCID-sh8a-1d68-mudt","summary":"Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be accessed by browser chrome for use in styling\nthe user interface.  A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0169","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62457","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576694","reference_id":"576694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169","reference_id":"CVE-2010-0169","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-14","reference_id":"mfsa2010-14","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh8a-1d68-mudt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2220?format=json","vulnerability_id":"VCID-shxn-m14n-7far","summary":"Security research Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3972","reference_id":"","reference_type":"","scores":[{"value":"0.04549","scoring_system":"epss","scoring_elements":"0.89357","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851924","reference_id":"851924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972","reference_id":"CVE-2012-3972","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65","reference_id":"mfsa2012-65","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3972"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shxn-m14n-7far"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2132?format=json","vulnerability_id":"VCID-snem-pp9z-aqb9","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2760","reference_id":"","reference_type":"","scores":[{"value":"0.04467","scoring_system":"epss","scoring_elements":"0.89262","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630062","reference_id":"630062","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760","reference_id":"CVE-2010-2760","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54","reference_id":"mfsa2010-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2760"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snem-pp9z-aqb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2207?format=json","vulnerability_id":"VCID-sq7j-me19-fyey","summary":"Security researchers Yosuke Hasegawa\nand Masatoshi Kimura reported that the x-mac-arabic,\nx-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS\nattacks due to some characters being converted to angle brackets when\ndisplayed by the rendering engine.  Sites using these character\nencodings would thus be potentially vulnerable to script injection\nattacks if their script filtering code fails to strip out these\nspecific characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3770","reference_id":"","reference_type":"","scores":[{"value":"0.08052","scoring_system":"epss","scoring_elements":"0.92248","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660439","reference_id":"660439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770","reference_id":"CVE-2010-3770","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt","reference_id":"CVE-2010-3770;OSVDB-69772","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt"},{"reference_url":"https://www.securityfocus.com/bid/45353/info","reference_id":"CVE-2010-3770;OSVDB-69772","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45353/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-84","reference_id":"mfsa2010-84","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-84"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3770"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7j-me19-fyey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71780?format=json","vulnerability_id":"VCID-ssk9-b2p3-b3ev","summary":"Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2605","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57393","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2605"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk9-b2p3-b3ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2351?format=json","vulnerability_id":"VCID-stqg-mham-5bbj","summary":"Security researcher Mario Heiderich reported that javascript\ncould be executed in the HTML feed-view using <embed> tag\nwithin the RSS <description>. This problem is due to\n<embed> tags not being filtered out during parsing and can\nlead to a potential cross-site scripting (XSS) attack. The flaw existed in a\nparser utility class and could affect other parts of the browser or add-ons\nwhich rely on that class to sanitize untrusted input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1957","reference_id":"","reference_type":"","scores":[{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77266","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840208","reference_id":"840208","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840208"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957","reference_id":"CVE-2012-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47","reference_id":"mfsa2012-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stqg-mham-5bbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2625?format=json","vulnerability_id":"VCID-sw5m-vvtd-tfb6","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2662","reference_id":"","reference_type":"","scores":[{"value":"0.07076","scoring_system":"epss","scoring_elements":"0.91643","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2662"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662","reference_id":"CVE-2009-2662","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2662"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw5m-vvtd-tfb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2443?format=json","vulnerability_id":"VCID-swze-ac2f-43bp","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects.  moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object.  These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4059","reference_id":"","reference_type":"","scores":[{"value":"0.07556","scoring_system":"epss","scoring_elements":"0.91948","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4059"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463192","reference_id":"463192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463192"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059","reference_id":"CVE-2008-4059","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41","reference_id":"mfsa2008-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4059"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swze-ac2f-43bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2423?format=json","vulnerability_id":"VCID-szd6-wdgm-rqhb","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4061","reference_id":"","reference_type":"","scores":[{"value":"0.03898","scoring_system":"epss","scoring_elements":"0.88471","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463199","reference_id":"463199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061","reference_id":"CVE-2008-4061","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4061"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szd6-wdgm-rqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2328?format=json","vulnerability_id":"VCID-t4u8-8ysj-tbhh","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3964","reference_id":"","reference_type":"","scores":[{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84438","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964","reference_id":"CVE-2012-3964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3964"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4u8-8ysj-tbhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2126?format=json","vulnerability_id":"VCID-t4vh-sf1x-d3dj","summary":"OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng.  A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers.  When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer.  This could result in the\nexecution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1205","reference_id":"","reference_type":"","scores":[{"value":"0.14816","scoring_system":"epss","scoring_elements":"0.94616","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=608238","reference_id":"608238","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=608238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205","reference_id":"CVE-2010-1205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c","reference_id":"CVE-2010-1205","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1205","reference_id":"CVE-2010-1205","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1205"},{"reference_url":"https://security.gentoo.org/glsa/201010-01","reference_id":"GLSA-201010-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201010-01"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201412-08","reference_id":"GLSA-201412-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-08"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41","reference_id":"mfsa2010-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0534","reference_id":"RHSA-2010:0534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"},{"reference_url":"https://usn.ubuntu.com/960-1/","reference_id":"USN-960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4vh-sf1x-d3dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2431?format=json","vulnerability_id":"VCID-t82b-wx66-hbbx","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5500","reference_id":"","reference_type":"","scores":[{"value":"0.06165","scoring_system":"epss","scoring_elements":"0.90963","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476266","reference_id":"476266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500","reference_id":"CVE-2008-5500","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60","reference_id":"mfsa2008-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5500"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t82b-wx66-hbbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=json","vulnerability_id":"VCID-t8xj-n8m2-kbfg","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1971","reference_id":"","reference_type":"","scores":[{"value":"0.02146","scoring_system":"epss","scoring_elements":"0.84505","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851908","reference_id":"851908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971","reference_id":"CVE-2012-1971","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57","reference_id":"mfsa2012-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1971"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8xj-n8m2-kbfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2782?format=json","vulnerability_id":"VCID-t8xs-9akz-5yfg","summary":"Security researcher Jordi Chancel reported a crash\non multipart/x-mixed-replace images due to memory\ncorruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2377","reference_id":"","reference_type":"","scores":[{"value":"0.05899","scoring_system":"epss","scoring_elements":"0.90738","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2377"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714929","reference_id":"714929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377","reference_id":"CVE-2011-2377","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-21","reference_id":"mfsa2011-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2377"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8xs-9akz-5yfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2618?format=json","vulnerability_id":"VCID-tcfs-yn97-zfhw","summary":"Mozilla security researcher Jesse Ruderman reported\nthat when security modules were added or removed\nvia pkcs11.addmodule or pkcs11.deletemodule,\nthe resulting dialog was not sufficiently informative.  Without\nsufficient warning, an attacker could entice a victim to install a\nmalicious PKCS11 module and affect the cryptographic integrity of the\nvictim's browser.Security researcher Dan Kaminsky reported that\nthis issue had not been fixed in Firefox 3.0 and that under certain\ncircumstances pkcs11 modules could be installed from a\nremote location.Firefox 3.5 releases are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3076","reference_id":"","reference_type":"","scores":[{"value":"0.17599","scoring_system":"epss","scoring_elements":"0.95204","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3076"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521692","reference_id":"521692","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076","reference_id":"CVE-2009-3076","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt","reference_id":"CVE-2009-3076;OSVDB-57977","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-48","reference_id":"mfsa2009-48","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3076"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcfs-yn97-zfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2808?format=json","vulnerability_id":"VCID-td4n-bv4d-jqfn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2987","reference_id":"","reference_type":"","scores":[{"value":"0.10043","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987","reference_id":"CVE-2011-2987","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2987"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td4n-bv4d-jqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2795?format=json","vulnerability_id":"VCID-tguh-s9wb-buey","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0053","reference_id":"","reference_type":"","scores":[{"value":"0.03206","scoring_system":"epss","scoring_elements":"0.87232","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675082","reference_id":"675082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053","reference_id":"CVE-2011-0053","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01","reference_id":"mfsa2011-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0312","reference_id":"RHSA-2011:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0313","reference_id":"RHSA-2011:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0313"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0053"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tguh-s9wb-buey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2586?format=json","vulnerability_id":"VCID-trw6-z25m-nucy","summary":"Mozilla security researcher moz_bug_r_a4 reported\na vulnerability which allows scripts from page content to run with\nelevated privileges.  Using this vulnerability, an attacker could\ncause a chrome privileged object, such as the browser sidebar or the\nFeedWriter, to interact with web content in such a way that attacker\ncontrolled code may be executed with the object's chrome\nprivileges.Thunderbird supports neither the sidebar nor\nBrowserFeedWriter objects and is not vulnerable in its default\nconfiguration. Thunderbird might be vulnerable if the user has installed\nany add-on which adds a similarly implemented feature and then enables\nJavaScript in mail messages.  This is not the default setting and we\nstrongly discourage users from running JavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1841","reference_id":"","reference_type":"","scores":[{"value":"0.04241","scoring_system":"epss","scoring_elements":"0.88957","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1841"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503583","reference_id":"503583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841","reference_id":"CVE-2009-1841","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32","reference_id":"mfsa2009-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1841"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trw6-z25m-nucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=json","vulnerability_id":"VCID-ttpz-dknd-2qey","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0173","reference_id":"","reference_type":"","scores":[{"value":"0.0757","scoring_system":"epss","scoring_elements":"0.91957","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173","reference_id":"CVE-2010-0173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16","reference_id":"mfsa2010-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttpz-dknd-2qey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2837?format=json","vulnerability_id":"VCID-tw6y-cy6t-x7by","summary":"Claus Wahlers reported that random images from GPU memory\nwere showing up in WebGL textures. Once incorporated into the WebGL graphics it\nis possible for a site to programmatically read the image data and potentially\ngain sensitive data from other things that had been displayed earlier. This\nproblem is due to a bug in the driver for Intel integrated GPUs on recent\nMac OS X hardware, and the problem can be seen in WebGL implementations from\nother vendors. Mozilla has implemented a work-around to prevent this from\nhappening with this hardware-driver combination.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3653","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46386","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653","reference_id":"CVE-2011-3653","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-51","reference_id":"mfsa2011-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3653"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6y-cy6t-x7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2357?format=json","vulnerability_id":"VCID-u2ea-zsxx-6khx","summary":"Security researcher Daniel Divricean reported that a defect\nin the error handling of javascript errors can leak the file names and location\nof javascript files on a server, leading to inadvertent information disclosure\nand a vector for further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1187","reference_id":"","reference_type":"","scores":[{"value":"0.00891","scoring_system":"epss","scoring_elements":"0.75863","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187","reference_id":"815187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187","reference_id":"CVE-2011-1187","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32","reference_id":"mfsa2012-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-1187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2ea-zsxx-6khx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88962?format=json","vulnerability_id":"VCID-u636-v3x8-6fft","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3866","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62117","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3866"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3866"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u636-v3x8-6fft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2659?format=json","vulnerability_id":"VCID-u714-aeta-j7by","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1302","reference_id":"","reference_type":"","scores":[{"value":"0.04391","scoring_system":"epss","scoring_elements":"0.89158","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496252","reference_id":"496252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302","reference_id":"CVE-2009-1302","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1302"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u714-aeta-j7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2288?format=json","vulnerability_id":"VCID-u7um-16ay-eqhd","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5833","reference_id":"","reference_type":"","scores":[{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.80987","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5833"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635","reference_id":"877635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833","reference_id":"CVE-2012-5833","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-5833"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7um-16ay-eqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2394?format=json","vulnerability_id":"VCID-u829-rqhq-afdu","summary":"Security researcher Colby Russell discovered that eval in\nthe web console can execute injected code with chrome privileges, leading to the\nrunning of malicious code in a privileged context. This allows for arbitrary\ncode execution through a malicious web page if the web console is invoked by the\nuser.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3980","reference_id":"","reference_type":"","scores":[{"value":"0.02199","scoring_system":"epss","scoring_elements":"0.84686","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851939","reference_id":"851939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980","reference_id":"CVE-2012-3980","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-72","reference_id":"mfsa2012-72","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-72"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3980"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u829-rqhq-afdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2472?format=json","vulnerability_id":"VCID-uesh-b969-pfa6","summary":"Mozilla developer Jesse Ruderman demonstrated that\nby tampering with the window.__proto__.__proto__ object,\none can cause the browser to place a lock on a non-native object,\nleading to a crash. Although we have not demonstrated such control, a\ndetermined attacker might be able to exploit this crash to run\narbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5014","reference_id":"","reference_type":"","scores":[{"value":"0.25205","scoring_system":"epss","scoring_elements":"0.96286","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5014"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470873","reference_id":"470873","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014","reference_id":"CVE-2008-5014","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-50","reference_id":"mfsa2008-50","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5014"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uesh-b969-pfa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2829?format=json","vulnerability_id":"VCID-ugzh-a5w2-cbee","summary":"Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3001","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42028","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001","reference_id":"CVE-2011-3001","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40","reference_id":"mfsa2011-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugzh-a5w2-cbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2176?format=json","vulnerability_id":"VCID-um8y-xkv9-zya9","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3174","reference_id":"","reference_type":"","scores":[{"value":"0.03201","scoring_system":"epss","scoring_elements":"0.8722","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174","reference_id":"CVE-2010-3174","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-um8y-xkv9-zya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2216?format=json","vulnerability_id":"VCID-umhg-zxkd-bkh5","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the wrapper class XPCSafeJSObjectWrapper (SJOW) on\nthe Mozilla 1.9.1 development branch has a logical error in its\nscripted function implementation that allows the caller to run the\nfunction within the context of another site.  This is a violation of\nthe same-origin policy and could be used to mount an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2763","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67447","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763","reference_id":"CVE-2010-2763","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-60","reference_id":"mfsa2010-60","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-60"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2763"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umhg-zxkd-bkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2860?format=json","vulnerability_id":"VCID-ut68-z785-9kaw","summary":"Security researchers Chris Rohlf and Yan\nIvnitskiy of Matasano Security reported that when a\nJavaScript Array object had its length set to an\nextremely large value, the iteration of array elements that occurs\nwhen its reduceRight method was subsequently called could\nresult in the execution of attacker controlled memory due to an\ninvalid index value being used to access element properties.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2371","reference_id":"","reference_type":"","scores":[{"value":"0.86212","scoring_system":"epss","scoring_elements":"0.99414","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2371"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714580","reference_id":"714580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371","reference_id":"CVE-2011-2371","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html","reference_id":"CVE-2011-2371;OSVDB-73184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb","reference_id":"CVE-2011-2371;OSVDB-73184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html","reference_id":"CVE-2011-2371;OSVDB-73184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-22","reference_id":"mfsa2011-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2371"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut68-z785-9kaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2146?format=json","vulnerability_id":"VCID-uzx7-1bns-h7cx","summary":"Security researcher Orlando Barrera II of SecTheory reported,\nvia TippingPoint's Zero Day Initiative, that Mozilla's implementation\nof Web Workers contained an error in its handling of array data types\nwhen processing posted messages.  This error could be used by an\nattacker to corrupt heap memory and crash the browser, potentially\nrunning arbitrary code on a victim's computer.Web Workers were introduced in Firefox 3.5; Firefox 3.0\nand earlier versions were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0160","reference_id":"","reference_type":"","scores":[{"value":"0.05179","scoring_system":"epss","scoring_elements":"0.9005","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566049","reference_id":"566049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160","reference_id":"CVE-2010-0160","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-02","reference_id":"mfsa2010-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0160"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzx7-1bns-h7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2617?format=json","vulnerability_id":"VCID-vae5-ym3t-3fd1","summary":"Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser.  This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3373","reference_id":"","reference_type":"","scores":[{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93768","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3373"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530156","reference_id":"530156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373","reference_id":"CVE-2009-3373","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt","reference_id":"CVE-2009-3373;OSVDB-59393","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt"},{"reference_url":"https://www.securityfocus.com/bid/36855/info","reference_id":"CVE-2009-3373;OSVDB-59393","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36855/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56","reference_id":"mfsa2009-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3373"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vae5-ym3t-3fd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2424?format=json","vulnerability_id":"VCID-vc3j-t6ae-yqf9","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4062","reference_id":"","reference_type":"","scores":[{"value":"0.0291","scoring_system":"epss","scoring_elements":"0.86609","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463201","reference_id":"463201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062","reference_id":"CVE-2008-4062","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4062"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc3j-t6ae-yqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2123?format=json","vulnerability_id":"VCID-vcz4-mpqz-k7dn","summary":"Mozilla developer Blake Kaplan reported that the\nwrapper class XPCSafeJSObjectWrapper (SJOW), a security\nwrapper that allows content-defined objects to be safely accessed by\nprivileged code, creates scope chains ending in outer objects.  Users\nof SJOWs which expect the scope chain to end on an inner object may be\nhanded a chrome privileged object which could be leveraged to run\narbitrary JavaScript with chrome privileges.Michal Zalewski's recent contributions helped to\nidentify this architectural weakness.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2762","reference_id":"","reference_type":"","scores":[{"value":"0.0174","scoring_system":"epss","scoring_elements":"0.82821","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2762"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630071","reference_id":"630071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762","reference_id":"CVE-2010-2762","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-59","reference_id":"mfsa2010-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-59"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcz4-mpqz-k7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2162?format=json","vulnerability_id":"VCID-vekg-epcv-cqgd","summary":"Security researcher Hidetake Jo of Microsoft\nVulnerability Research reported that the properties set on an object\npassed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain.  This is a violation of the same-origin policy and could\nresult in a website running untrusted JavaScript if it assumed\nthe dialogArguments could not be initialized by another\nsite.An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3988","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60859","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566051","reference_id":"566051","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988","reference_id":"CVE-2009-3988","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-04","reference_id":"mfsa2010-04","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vekg-epcv-cqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2880?format=json","vulnerability_id":"VCID-vjbh-dhuh-cyaj","summary":"Security researcher Christian Holler reported that\nthe JavaScript engine's internal memory mapping of non-local JS\nvariables contained a buffer overflow which could potentially be used\nby an attacker to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0054","reference_id":"","reference_type":"","scores":[{"value":"0.09158","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675091","reference_id":"675091","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054","reference_id":"CVE-2011-0054","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-04","reference_id":"mfsa2011-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0054"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjbh-dhuh-cyaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2385?format=json","vulnerability_id":"VCID-vk71-ur84-2kgz","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0463","reference_id":"","reference_type":"","scores":[{"value":"0.04347","scoring_system":"epss","scoring_elements":"0.89101","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463","reference_id":"CVE-2012-0463","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0463"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk71-ur84-2kgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2849?format=json","vulnerability_id":"VCID-vnmm-3sby-y7hk","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2374","reference_id":"","reference_type":"","scores":[{"value":"0.04023","scoring_system":"epss","scoring_elements":"0.88663","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374","reference_id":"CVE-2011-2374","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2374"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnmm-3sby-y7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2327?format=json","vulnerability_id":"VCID-vnu6-2tzh-5kab","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3963","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85041","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963","reference_id":"CVE-2012-3963","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3963"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnu6-2tzh-5kab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2819?format=json","vulnerability_id":"VCID-vqng-ra2r-y3db","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2981","reference_id":"","reference_type":"","scores":[{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80292","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2981"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730520","reference_id":"730520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981","reference_id":"CVE-2011-2981","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2981"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqng-ra2r-y3db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2263?format=json","vulnerability_id":"VCID-vr3a-xs8t-4qap","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4185","reference_id":"","reference_type":"","scores":[{"value":"0.05225","scoring_system":"epss","scoring_elements":"0.90093","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185","reference_id":"CVE-2012-4185","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4185"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vr3a-xs8t-4qap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2869?format=json","vulnerability_id":"VCID-vt1n-t5vm-67cc","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2995","reference_id":"","reference_type":"","scores":[{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86032","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741902","reference_id":"741902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995","reference_id":"CVE-2011-2995","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36","reference_id":"mfsa2011-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2995"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vt1n-t5vm-67cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2211?format=json","vulnerability_id":"VCID-vugt-cer6-sfhd","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3767","reference_id":"","reference_type":"","scores":[{"value":"0.04617","scoring_system":"epss","scoring_elements":"0.89429","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660431","reference_id":"660431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660431"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767","reference_id":"CVE-2010-3767","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-81","reference_id":"mfsa2010-81","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-81"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0968","reference_id":"RHSA-2010:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0968"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vugt-cer6-sfhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2384?format=json","vulnerability_id":"VCID-vuq7-9gsu-sbfc","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0464","reference_id":"","reference_type":"","scores":[{"value":"0.01568","scoring_system":"epss","scoring_elements":"0.81827","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109","reference_id":"803109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464","reference_id":"CVE-2012-0464","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0464"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vuq7-9gsu-sbfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2827?format=json","vulnerability_id":"VCID-vzdc-6fne-5fck","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2983","reference_id":"","reference_type":"","scores":[{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.75168","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730523","reference_id":"730523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983","reference_id":"CVE-2011-2983","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1165","reference_id":"RHSA-2011:1165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1167","reference_id":"RHSA-2011:1167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1167"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzdc-6fne-5fck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2320?format=json","vulnerability_id":"VCID-wbbj-pv5p-nuaa","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3956","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85041","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956","reference_id":"CVE-2012-3956","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3956"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbj-pv5p-nuaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2390?format=json","vulnerability_id":"VCID-wesw-ctff-bfff","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1949","reference_id":"","reference_type":"","scores":[{"value":"0.03749","scoring_system":"epss","scoring_elements":"0.88218","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1949"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021281","reference_id":"2021281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949","reference_id":"CVE-2012-1949","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42","reference_id":"mfsa2012-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-1949"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wesw-ctff-bfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2595?format=json","vulnerability_id":"VCID-wk8j-jx5v-g7g3","summary":"Mozilla security researcher moz_bug_r_a4 reported that\na form input control's type could be changed during the restoration of a\nclosed tab. An attacker could set an input control's text value to the\npath of a local file whose location was known to the attacker. If the tab\nwas then closed and the victim persuaded to re-open it, upon restoring the\ntab the attacker could use this vulnerability to change the input type to\nfile. Scripts in the page could then automatically submit\nthe form and steal the contents of the user's local file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0355","reference_id":"","reference_type":"","scores":[{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85396","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0355"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483143","reference_id":"483143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355","reference_id":"CVE-2009-0355","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-03","reference_id":"mfsa2009-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"},{"reference_url":"https://usn.ubuntu.com/717-2/","reference_id":"USN-717-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0355"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wk8j-jx5v-g7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73919?format=json","vulnerability_id":"VCID-wnhp-wmct-qyhh","summary":"firefox: (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530162","reference_id":"530162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530162"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1563"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnhp-wmct-qyhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=json","vulnerability_id":"VCID-wtyd-jcnh-2bhq","summary":"Security researcher Dan Kaminsky reported an\ninteger overflow in the Theora video library.  A video's dimensions\nwere being multiplied together and used in particular memory\nallocations.  When the video dimensions were sufficiently large, the\nmultiplication could overflow a 32-bit integer resulting in too small\na memory buffer being allocated for the video.  An attacker could use\na specially crafted video to write data past the bounds of this\nbuffer, causing a crash and potentially running arbitrary code on a\nvictim's computer.Mozilla intern David Keeler also independently\nreported this issue as well as an additional crash which was\ndetermined to be a denial-of-service.Video capabilities were added to the Mozilla browser engine\nin Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these\nproducts were not affected.These bugs were fixed upstream in Theora version 1.1\n(\"Thusnelda\") but the older version used in Firefox 3.5 needed this\npatch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3389","reference_id":"","reference_type":"","scores":[{"value":"0.0553","scoring_system":"epss","scoring_elements":"0.90392","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=548541","reference_id":"548541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=548541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950","reference_id":"572950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389","reference_id":"CVE-2009-3389","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201312-04","reference_id":"GLSA-201312-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-67","reference_id":"mfsa2009-67","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-67"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3389"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-jcnh-2bhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=json","vulnerability_id":"VCID-wwk8-bpv8-zyhh","summary":"Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables.Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable.  If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3182","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23338","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642300","reference_id":"642300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182","reference_id":"CVE-2010-3182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71","reference_id":"mfsa2010-71","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwk8-bpv8-zyhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2226?format=json","vulnerability_id":"VCID-x444-96ea-pfc4","summary":"Security researcher Mariusz Mlynski reported that an\nattacker able to convince a potential victim to set a new home page by dragging\na link to the \"home\" button can set that user's home page to a\njavascript: URL. Once this is done the attacker's page can cause\nrepeated crashes of the browser, eventually getting the script URL loaded in the\nprivileged about:sessionrestore context.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0458","reference_id":"","reference_type":"","scores":[{"value":"0.02067","scoring_system":"epss","scoring_elements":"0.8421","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0458"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803113","reference_id":"803113","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458","reference_id":"CVE-2012-0458","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16","reference_id":"mfsa2012-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0458"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x444-96ea-pfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71633?format=json","vulnerability_id":"VCID-x6pd-2arc-gqdq","summary":"HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389","reference_id":"","reference_type":"","scores":[{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88348","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389"},{"reference_url":"https://curl.se/docs/CVE-2011-3389.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2011-3389.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","reference_id":"737506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506"},{"reference_url":"https://security.gentoo.org/glsa/201111-02","reference_id":"GLSA-201111-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201111-02"},{"reference_url":"https://security.gentoo.org/glsa/201203-02","reference_id":"GLSA-201203-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-02"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1380","reference_id":"RHSA-2011:1380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1384","reference_id":"RHSA-2011:1384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0006","reference_id":"RHSA-2012:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0034","reference_id":"RHSA-2012:0034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0343","reference_id":"RHSA-2012:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0508","reference_id":"RHSA-2012:0508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://usn.ubuntu.com/1263-1/","reference_id":"USN-1263-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1263-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3389"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6pd-2arc-gqdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2873?format=json","vulnerability_id":"VCID-x7qs-rmew-4qe3","summary":"Mozilla security researcher David Chan reported\nthat cookies set for example.com. (note the trailing dot)\nand example.com were treated as interchangeable.  This is\na violation of same-origin conventions and could potentially lead to\nleakage of cookie data to the wrong party.This issue did not affect Firefox 4, SeaMonkey 2.1, or newer\nMozilla-based products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2362","reference_id":"","reference_type":"","scores":[{"value":"0.01226","scoring_system":"epss","scoring_elements":"0.79438","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714583","reference_id":"714583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362","reference_id":"CVE-2011-2362","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-24","reference_id":"mfsa2011-24","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2362"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qs-rmew-4qe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=json","vulnerability_id":"VCID-xe95-tcad-cyhu","summary":"Mozilla security researcher Georgi Guninski reported\nthat the fix for an earlier vulnerability reported by Liu Die Yu using local\ninternet shortcut files to access other sites\n(MFSA 2008-47) could be bypassed\nby redirecting to a privileged about: URI such as\nabout:plugins.\nIf an attacker could get a victim to\ndownload two files, a malicious HTML file and a .desktop shortcut\nfile, they could have the HTML document load a privileged chrome document\nvia the shortcut and both documents would be treated as same origin.\nThis vulnerability could potentially be used by an attacker to inject\narbitrary code into the chrome document and execute with chrome\nprivileges.  Because this attack has relatively high complexity, the\nseverity of this issue was determined to be moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0356","reference_id":"","reference_type":"","scores":[{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76132","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0356"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483144","reference_id":"483144","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356","reference_id":"CVE-2009-0356","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-04","reference_id":"mfsa2009-04","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0356"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xe95-tcad-cyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2403?format=json","vulnerability_id":"VCID-xh5q-bfkr-guep","summary":"Security researcher Collin Jackson reported that\nthe -moz-binding CSS property can be used to bypass security checks\nwhich validate codebase principals. Similar to the issue reported\nin MFSA 2008-23, Jackson demonstrated\nthat an attacker can replace a stylesheet in a signed JAR which uses\nrelative paths, and can then use the -moz-binding property to inject\nmalicious script into the JAR.  The injected script will be executed\nwith the privileges of the signed JAR.  This vulnerability can thus\nallow an attacker to run arbitrary JavaScript within the context of\nanother site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5023","reference_id":"","reference_type":"","scores":[{"value":"0.1839","scoring_system":"epss","scoring_elements":"0.95341","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470898","reference_id":"470898","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023","reference_id":"CVE-2008-5023","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-57","reference_id":"mfsa2008-57","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5023"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xh5q-bfkr-guep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2334?format=json","vulnerability_id":"VCID-xhfm-9dtr-63cj","summary":"Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0457","reference_id":"","reference_type":"","scores":[{"value":"0.07333","scoring_system":"epss","scoring_elements":"0.91811","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0457"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116","reference_id":"803116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457","reference_id":"CVE-2012-0457","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14","reference_id":"mfsa2012-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0457"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhfm-9dtr-63cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2147?format=json","vulnerability_id":"VCID-xj7k-fek3-gbhh","summary":"Mozilla developer Vladimir Vukicevic reported that\na canvas element can be used to read data from another site, violating\nthe same-origin policy.  The read restriction placed on a canvas\nelement which has had cross-origin data rendered into it can be\nbypassed by retaining a reference to the canvas element's context and\ndeleting the associated canvas node from the DOM.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1207","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62303","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1207"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615472","reference_id":"615472","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207","reference_id":"CVE-2010-1207","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43","reference_id":"mfsa2010-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xj7k-fek3-gbhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2453?format=json","vulnerability_id":"VCID-xt9w-ahy8-bfb6","summary":"Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages.  The error was caused by too small a heap buffer being allocated to store message header information.  This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4070","reference_id":"","reference_type":"","scores":[{"value":"0.02832","scoring_system":"epss","scoring_elements":"0.86427","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=464041","reference_id":"464041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=464041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070","reference_id":"CVE-2008-4070","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-46","reference_id":"mfsa2008-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-4070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xt9w-ahy8-bfb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2871?format=json","vulnerability_id":"VCID-xtst-5kbr-fba9","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2997","reference_id":"","reference_type":"","scores":[{"value":"0.04198","scoring_system":"epss","scoring_elements":"0.88907","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2997"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997","reference_id":"CVE-2011-2997","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36","reference_id":"mfsa2011-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2997"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xtst-5kbr-fba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2224?format=json","vulnerability_id":"VCID-xvw5-jd6a-9ff3","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3968","reference_id":"","reference_type":"","scores":[{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83329","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920","reference_id":"851920","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968","reference_id":"CVE-2012-3968","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62","reference_id":"mfsa2012-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-3968"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvw5-jd6a-9ff3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=json","vulnerability_id":"VCID-xwn1-qre7-k7cc","summary":"Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way.  This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page.  An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3985","reference_id":"","reference_type":"","scores":[{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.64461","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3985"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546726","reference_id":"546726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546726"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985","reference_id":"CVE-2009-3985","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69","reference_id":"mfsa2009-69","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwn1-qre7-k7cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2215?format=json","vulnerability_id":"VCID-xyfx-jjk2-3bff","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object.  When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member.  This could result in\nthe deletion of objects for which valid pointers still exist.  An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0177","reference_id":"","reference_type":"","scores":[{"value":"0.06689","scoring_system":"epss","scoring_elements":"0.91381","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578152","reference_id":"578152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177","reference_id":"CVE-2010-0177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19","reference_id":"mfsa2010-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyfx-jjk2-3bff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2214?format=json","vulnerability_id":"VCID-y2ky-dg41-yqfe","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1212","reference_id":"","reference_type":"","scores":[{"value":"0.02028","scoring_system":"epss","scoring_elements":"0.84071","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615456","reference_id":"615456","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212","reference_id":"CVE-2010-1212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34","reference_id":"mfsa2010-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1212"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2ky-dg41-yqfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71053?format=json","vulnerability_id":"VCID-y3by-ejzy-y7g4","summary":"Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3101","reference_id":"","reference_type":"","scores":[{"value":"0.0174","scoring_system":"epss","scoring_elements":"0.82823","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3101"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://security.gentoo.org/glsa/201205-03","reference_id":"GLSA-201205-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201205-03"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3101"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3by-ejzy-y7g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2163?format=json","vulnerability_id":"VCID-y5e5-wa84-j3bz","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0165","reference_id":"","reference_type":"","scores":[{"value":"0.03502","scoring_system":"epss","scoring_elements":"0.87812","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165","reference_id":"CVE-2010-0165","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11","reference_id":"mfsa2010-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5e5-wa84-j3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2270?format=json","vulnerability_id":"VCID-y5rs-pd7w-m3ce","summary":"Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4194","reference_id":"","reference_type":"","scores":[{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80447","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893","reference_id":"869893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194","reference_id":"CVE-2012-4194","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90","reference_id":"mfsa2012-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1407","reference_id":"RHSA-2012:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1413","reference_id":"RHSA-2012:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1413"},{"reference_url":"https://usn.ubuntu.com/1620-1/","reference_id":"USN-1620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-1/"},{"reference_url":"https://usn.ubuntu.com/1620-2/","reference_id":"USN-1620-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5rs-pd7w-m3ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=json","vulnerability_id":"VCID-y6rz-xqjf-wfdn","summary":"Security researcher Soroush Dalili reported that\npotentially sensitive URL parameters could be leaked across domains\nupon script errors when the script filename and line number is\nincluded in the error message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2754","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62303","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615488","reference_id":"615488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754","reference_id":"CVE-2010-2754","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47","reference_id":"mfsa2010-47","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2754"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6rz-xqjf-wfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2145?format=json","vulnerability_id":"VCID-y6vr-xak2-5ufg","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1203","reference_id":"","reference_type":"","scores":[{"value":"0.05221","scoring_system":"epss","scoring_elements":"0.90088","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1203"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590816","reference_id":"590816","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203","reference_id":"CVE-2010-1203","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6vr-xak2-5ufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2588?format=json","vulnerability_id":"VCID-y8wr-ds4z-gfc2","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the owner document of an element can become null after garbage\ncollection.  In such cases, event listeners may be executed within the\nwrong JavaScript context.  An attacker could potentially use this\nvulnerability to have a malicious event handler execute arbitrary\nJavaScript with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1838","reference_id":"","reference_type":"","scores":[{"value":"0.04629","scoring_system":"epss","scoring_elements":"0.89444","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503580","reference_id":"503580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838","reference_id":"CVE-2009-1838","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29","reference_id":"mfsa2009-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1838"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8wr-ds4z-gfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2606?format=json","vulnerability_id":"VCID-ycjq-pc6z-b7d2","summary":"IOActive security researcher Dan Kaminsky reported a\nmismatch in the treatment of domain names in SSL certificates between SSL\nclients and the Certificate Authorities (CA) which issue server certificates.\nIn particular, if a malicious person requested a certificate for a host name\nwith an invalid null character in it most CAs would issue the\ncertificate if the requester owned the domain specified after the null, while\nmost SSL clients (browsers) ignored that part of the name and used the\nunvalidated part in front of the null. This made it possible for attackers to\nobtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions.This vulnerability was independently reported to us by researcher\nMoxie Marlinspike who also noted that since Firefox\nrelies on SSL to protect the integrity of security updates this attack\ncould be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability\nResearch team for coordinating a multiple-vendor response to this problem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2408","reference_id":"","reference_type":"","scores":[{"value":"0.01855","scoring_system":"epss","scoring_elements":"0.83342","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510251","reference_id":"510251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934","reference_id":"539934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408","reference_id":"CVE-2009-2408","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-42","reference_id":"mfsa2009-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1184","reference_id":"RHSA-2009:1184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1186","reference_id":"RHSA-2009:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1190","reference_id":"RHSA-2009:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1207","reference_id":"RHSA-2009:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://usn.ubuntu.com/810-1/","reference_id":"USN-810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycjq-pc6z-b7d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2201?format=json","vulnerability_id":"VCID-yd45-93fw-13df","summary":"Mozilla security researcher Georgi Guninski\nreported that when a SVG document which is served\nwith Content-Type: application/octet-stream is embedded\ninto another document via an <embed> tag\nwith type=\"image/svg+xml\", the Content-Type is ignored\nand the SVG document is processed normally.  A website which allows\narbitrary binary data to be uploaded but which relies\non Content-Type: application/octet-stream to prevent\nscript execution could have such protection bypassed.  An attacker\ncould upload a SVG document containing JavaScript as a binary file to\na website, embed the SVG document into a malicious page on another\nsite, and gain access to the script environment from the SVG-serving\nsite, bypassing the same-origin policy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0162","reference_id":"","reference_type":"","scores":[{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78394","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566052","reference_id":"566052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162","reference_id":"CVE-2010-0162","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-05","reference_id":"mfsa2010-05","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yd45-93fw-13df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2584?format=json","vulnerability_id":"VCID-ye7n-9kgr-mqc9","summary":"One of the security fixes in Firefox 3.0.9 introduced a\nregression that caused some users to experience frequent crashes.\nUsers of the HTML Validator add-on were particularly affected, but\nother users also experienced this crash in some situations.\nIn analyzing this crash we discovered that it was due to memory\ncorruption similar to cases that have been identified as security\nvulnerabilities in the past.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1313","reference_id":"","reference_type":"","scores":[{"value":"0.32166","scoring_system":"epss","scoring_elements":"0.96912","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1313"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=497447","reference_id":"497447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=497447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313","reference_id":"CVE-2009-1313","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html","reference_id":"CVE-2009-1313;OSVDB-54174","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html"},{"reference_url":"https://www.securityfocus.com/bid/34743/info","reference_id":"CVE-2009-1313;OSVDB-54174","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/34743/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-23","reference_id":"mfsa2009-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0449","reference_id":"RHSA-2009:0449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0449"},{"reference_url":"https://usn.ubuntu.com/765-1/","reference_id":"USN-765-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/765-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1313"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ye7n-9kgr-mqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2798?format=json","vulnerability_id":"VCID-yedg-weex-wqgh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2989","reference_id":"","reference_type":"","scores":[{"value":"0.06835","scoring_system":"epss","scoring_elements":"0.91482","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989","reference_id":"CVE-2011-2989","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-2989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yedg-weex-wqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2605?format=json","vulnerability_id":"VCID-yh2k-hmgj-c3h8","summary":"Security researcher Gregory Fleischer reported\nthat text within a selection on a web page can be read by JavaScript\nin a different domain using the document.getSelection\nfunction, violating the same-origin policy.  Since this vulnerability\nrequires user interaction to exploit, its severity was determined to\nbe moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3375","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64481","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530167","reference_id":"530167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375","reference_id":"CVE-2009-3375","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61","reference_id":"mfsa2009-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yh2k-hmgj-c3h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2137?format=json","vulnerability_id":"VCID-yh3u-9dtq-4qeu","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability.  When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects.  This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High.This vulnerability does not affect Firefox 3.6","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0179","reference_id":"","reference_type":"","scores":[{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72851","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578155","reference_id":"578155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179","reference_id":"CVE-2010-0179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-21","reference_id":"mfsa2010-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82","reference_id":"mfsa2010-82","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0179"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yh3u-9dtq-4qeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88959?format=json","vulnerability_id":"VCID-yn1g-pbm8-mybp","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4508","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65544","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4508"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-4508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn1g-pbm8-mybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=json","vulnerability_id":"VCID-yn2w-7p56-y7fe","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1201","reference_id":"","reference_type":"","scores":[{"value":"0.04587","scoring_system":"epss","scoring_elements":"0.89397","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=608108","reference_id":"608108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=608108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201","reference_id":"CVE-2010-1201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn2w-7p56-y7fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2184?format=json","vulnerability_id":"VCID-yrjj-qpxp-hfbv","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3778","reference_id":"","reference_type":"","scores":[{"value":"0.05098","scoring_system":"epss","scoring_elements":"0.89965","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778","reference_id":"CVE-2010-3778","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74","reference_id":"mfsa2010-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-3778"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjj-qpxp-hfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2639?format=json","vulnerability_id":"VCID-ywsg-yvdy-wkb6","summary":"Security researcher Attila Suszter reported that\nwhen a page contains a Flash object which presents a slow script\ndialog, and the page is navigated while the dialog is still visible to\nthe user, the Flash plugin is unloaded resulting in a crash due to a\ncall to the deleted object.  This crash could potentially be used by\nan attacker to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2467","reference_id":"","reference_type":"","scores":[{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.9006","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512137","reference_id":"512137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467","reference_id":"CVE-2009-2467","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35","reference_id":"mfsa2009-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2467"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywsg-yvdy-wkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2416?format=json","vulnerability_id":"VCID-yy1m-2bvc-hbc1","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities in feedWriter which allow scripts from page\ncontent to run with chrome privileges.Firefox 3 is not affected by this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3836","reference_id":"","reference_type":"","scores":[{"value":"0.02943","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3836"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463188","reference_id":"463188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836","reference_id":"CVE-2008-3836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-39","reference_id":"mfsa2008-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-39"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-3836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy1m-2bvc-hbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2875?format=json","vulnerability_id":"VCID-yy5w-b7b7-ybd1","summary":"Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3651","reference_id":"","reference_type":"","scores":[{"value":"0.04425","scoring_system":"epss","scoring_elements":"0.89201","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651","reference_id":"CVE-2011-3651","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48","reference_id":"mfsa2011-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3651"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy5w-b7b7-ybd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2405?format=json","vulnerability_id":"VCID-z5zp-5nv7-gkgp","summary":"Kojima Hajime reported that unlike literal null\ncharacters which were handled correctly, the escaped form '\\0'\nwas ignored by the CSS parser and treated as if it was not present in\nthe CSS input string.  This issue could potentially be used to bypass\nscript sanitization routines in web applications.  The severity of\nthis issue was determined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5510","reference_id":"","reference_type":"","scores":[{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77489","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476283","reference_id":"476283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510","reference_id":"CVE-2008-5510","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-67","reference_id":"mfsa2008-67","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-67"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/717-3/","reference_id":"USN-717-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5510"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5zp-5nv7-gkgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2172?format=json","vulnerability_id":"VCID-z6en-1gzy-6ffc","summary":"phpBB developer Henry Sudhof reported that when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched.  This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0181","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.85964","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181","reference_id":"CVE-2010-0181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23","reference_id":"mfsa2010-23","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-0181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6en-1gzy-6ffc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88955?format=json","vulnerability_id":"VCID-z7p6-x5jx-97cr","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2061","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56818","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2061"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-2061"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7p6-x5jx-97cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2646?format=json","vulnerability_id":"VCID-zbug-3a8h-tfbv","summary":"Developer and Mozilla community member Paolo\nAmadini reported that when saving the inner frame of a web\npage as a file when the outer page has POST data associated with it,\nthe POST data will be incorrectly sent to the URL of the inner frame.\nThis could potentially result in a user's sensitive data being sent to\na site for which it was not intended.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1311","reference_id":"","reference_type":"","scores":[{"value":"0.01175","scoring_system":"epss","scoring_elements":"0.79019","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496271","reference_id":"496271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311","reference_id":"CVE-2009-1311","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-21","reference_id":"mfsa2009-21","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-1311"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbug-3a8h-tfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88951?format=json","vulnerability_id":"VCID-zdjb-aut8-rbeb","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0367","reference_id":"","reference_type":"","scores":[{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75084","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0367"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-0367"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdjb-aut8-rbeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2388?format=json","vulnerability_id":"VCID-zee6-uc6n-4kck","summary":"Security Researcher Mike Brooks of Sitewatch reported that\nif multiple Content Security Policy (CSP) headers are present on a page, they\nhave an additive effect page policy. Using carriage return line feed (CRLF)\ninjection, a new CSP rule can be introduced which allows for cross-site\nscripting (XSS) on sites with a separate header injection vulnerability.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0451","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43362","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803114","reference_id":"803114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451","reference_id":"CVE-2012-0451","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15","reference_id":"mfsa2012-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-0451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zee6-uc6n-4kck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2233?format=json","vulnerability_id":"VCID-zejg-gepa-yqaf","summary":"Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to \"top\". This can allow for possible cross-site scripting (XSS) attacks through plugins. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4209","reference_id":"","reference_type":"","scores":[{"value":"0.02065","scoring_system":"epss","scoring_elements":"0.84205","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877632","reference_id":"877632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209","reference_id":"CVE-2012-4209","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103","reference_id":"mfsa2012-103","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2012-4209"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zejg-gepa-yqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2839?format=json","vulnerability_id":"VCID-zey8-rnp8-7yh9","summary":"David Rees reported that the JSSubScriptLoader (a\nfeature used by some add-ons) was \"unwrapping\" XPCNativeWrappers when they\nwere used as the scope parameter to loadSubScript(). Without\nthe protection of the wrappers the add-on could be vulnerable to privilege\nescalation attacks from malicious web content. Whether any given add-on\nwere vulnerable would depend on how the add-on used the feature\nand whether it interacted directly with web content, but we did find\nat least one vulnerable add-on and presume there are more.\nThe unwrapping behavior was a change introduced during Firefox 4\ndevelopment.  Firefox 3.6 and earlier versions are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3004","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54651","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751930","reference_id":"751930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004","reference_id":"CVE-2011-3004","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-43","reference_id":"mfsa2011-43","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-43"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3004"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zey8-rnp8-7yh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2350?format=json","vulnerability_id":"VCID-zgcc-resp-k3h5","summary":"For historical reasons Firefox has been generous in its interpretation of web\naddresses containing square brackets around the host. If this host was not a\nvalid IPv6 literal address, Firefox attempted to interpret the host as a regular\ndomain name. Gregory Fleischer reported that requests made\nusing IPv6 syntax using XMLHttpRequest objects through a proxy may generate\nerrors depending on proxy configuration for IPv6. The resulting error messages\nfrom the proxy may disclose sensitive data because Same-Origin Policy (SOP) will\nallow the XMLHttpRequest object to read these error messages, allowing user\nprivacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that\nmay break links written using the non-standard Firefox-only forms that were\npreviously accepted.\nThis was fixed previously for Firefox 7.0, Thunderbird 7.0, and\nSeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during\n2012.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3670","reference_id":"","reference_type":"","scores":[{"value":"0.00725","scoring_system":"epss","scoring_elements":"0.72882","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=785464","reference_id":"785464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=785464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670","reference_id":"CVE-2011-3670","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02","reference_id":"mfsa2012-02","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0084","reference_id":"RHSA-2012:0084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0085","reference_id":"RHSA-2012:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0085"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-3670"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgcc-resp-k3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2439?format=json","vulnerability_id":"VCID-zhdz-2jas-bbaj","summary":"Google security researcher Chris Evans reported that a\nwebsite could access a limited amount of data from a different domain by\nloading a same-domain JavaScript URL which redirects to an off-domain\ntarget  resource containing data\nwhich is not parsable as JavaScript.  Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the file\ncontext via the window.onerror DOM API.This issue could be used by a malicious website to steal private data\nfrom users who are authenticated on the redirected website. How much\ndata could be at risk would depend on the format of the data and how\nthe JavaScript parser attempts to interpret it. For most files the\namount of data that can be recovered would be limited to the first\nword or two. Some data files might allow deeper probing with\nrepeated loads.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.Update December 18, 2008: The Windows version of Firefox\n2.0.0.19 was shipped without the fix for this issue (other platforms\nwere correctly patched). Firefox 2.0.0.20 has been released on Windows\nto correct this oversight.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5507","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44096","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476280","reference_id":"476280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507","reference_id":"CVE-2008-5507","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-65","reference_id":"mfsa2008-65","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2008-5507"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhdz-2jas-bbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=json","vulnerability_id":"VCID-znvx-aqbr-2yck","summary":"Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue.  Firefox 3 does not contain the fix for this issue.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"},{"reference_url":"http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"},{"reference_url":"http://blogs.iss.net/archive/sslmitmiscsrf.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://blogs.iss.net/archive/sslmitmiscsrf.html"},{"reference_url":"http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"},{"reference_url":"http://clicky.me/tlsvuln","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://clicky.me/tlsvuln"},{"reference_url":"http://extendedsubset.com/?p=8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://extendedsubset.com/?p=8"},{"reference_url":"http://extendedsubset.com/Renegotiating_TLS.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://extendedsubset.com/Renegotiating_TLS.pdf"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"},{"reference_url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"},{"reference_url":"http://kbase.redhat.com/faq/docs/DOC-20491","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://kbase.redhat.com/faq/docs/DOC-20491"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"},{"reference_url":"http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"},{"reference_url":"http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=126150535619567&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=126150535619567&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127128920008563&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=127128920008563&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127419602507642&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=127419602507642&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127557596201693&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=127557596201693&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=130497311408250&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=130497311408250&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132077688910227&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=132077688910227&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2"},{"reference_url":"http://marc.info/?l=cryptography&m=125752275331877&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=cryptography&m=125752275331877&w=2"},{"reference_url":"http://openbsd.org/errata45.html#010_openssl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://openbsd.org/errata45.html#010_openssl"},{"reference_url":"http://openbsd.org/errata46.html#004_openssl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://openbsd.org/errata46.html#004_openssl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1579","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1694","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0011","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0130","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0162","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0164","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0165","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0167","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0337","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0338","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0339","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0408","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0440","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0768","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0770","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0786","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0807","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0865","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0986","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0987","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0880","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2009-3555"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"0.03741","scoring_system":"epss","scoring_elements":"0.88206","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3555"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=526689","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=526689"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=545755","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=545755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=533125","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=533125"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=50325","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=50325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"},{"reference_url":"http://seclists.org/fulldisclosure/2009/Nov/139","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://seclists.org/fulldisclosure/2009/Nov/139"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200912-01.xml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://security.gentoo.org/glsa/glsa-200912-01.xml"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201203-22.xml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://security.gentoo.org/glsa/glsa-201203-22.xml"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54158","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5"},{"reference_url":"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d"},{"reference_url":"https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3"},{"reference_url":"https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701"},{"reference_url":"https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02"},{"reference_url":"https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3"},{"reference_url":"https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d"},{"reference_url":"https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366"},{"reference_url":"https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"},{"reference_url":"https://kb.bluecoat.com/index?page=content&id=SA50","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://kb.bluecoat.com/index?page=content&id=SA50"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446"},{"reference_url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535"},{"reference_url":"https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"},{"reference_url":"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"},{"reference_url":"http://support.apple.com/kb/HT4004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.apple.com/kb/HT4004"},{"reference_url":"http://support.apple.com/kb/HT4170","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.apple.com/kb/HT4170"},{"reference_url":"http://support.apple.com/kb/HT4171","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.apple.com/kb/HT4171"},{"reference_url":"http://support.avaya.com/css/P8/documents/100070150","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100070150"},{"reference_url":"http://support.avaya.com/css/P8/documents/100081611","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100081611"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114315","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114315"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114327","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114327"},{"reference_url":"http://support.citrix.com/article/CTX123359","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.citrix.com/article/CTX123359"},{"reference_url":"http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"},{"reference_url":"http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"},{"reference_url":"http://sysoev.ru/nginx/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sysoev.ru/nginx/patch.cve-2009-3555.txt"},{"reference_url":"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"},{"reference_url":"http://ubuntu.com/usn/usn-923-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://ubuntu.com/usn/usn-923-1"},{"reference_url":"http://wiki.rpath.com/Advisories:rPSA-2009-0155","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://wiki.rpath.com/Advisories:rPSA-2009-0155"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21426108","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21426108"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21432298","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21432298"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025312","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025312"},{"reference_url":"http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only"},{"reference_url":"http://www.arubanetworks.com/support/alerts/aid-020810.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.arubanetworks.com/support/alerts/aid-020810.txt"},{"reference_url":"http://www.betanews.com/article/1257452450","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.betanews.com/article/1257452450"},{"reference_url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"},{"reference_url":"http://www.debian.org/security/2009/dsa-1934","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.debian.org/security/2009/dsa-1934"},{"reference_url":"http://www.debian.org/security/2011/dsa-2141","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.debian.org/security/2011/dsa-2141"},{"reference_url":"http://www.debian.org/security/2015/dsa-3253","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.debian.org/security/2015/dsa-3253"},{"reference_url":"http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"},{"reference_url":"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"},{"reference_url":"http://www.ietf.org/mail-archive/web/tls/current/msg03948.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"},{"reference_url":"http://www.ingate.com/Relnote.php?ver=481","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ingate.com/Relnote.php?ver=481"},{"reference_url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"},{"reference_url":"http://www.kb.cert.org/vuls/id/120541","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.kb.cert.org/vuls/id/120541"},{"reference_url":"http://www.links.org/?p=780","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.links.org/?p=780"},{"reference_url":"http://www.links.org/?p=786","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.links.org/?p=786"},{"reference_url":"http://www.links.org/?p=789","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.links.org/?p=789"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:089","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"},{"reference_url":"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"},{"reference_url":"http://www.openoffice.org/security/cves/CVE-2009-3555.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openoffice.org/security/cves/CVE-2009-3555.html"},{"reference_url":"http://www.openssl.org/news/secadv_20091111.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openssl.org/news/secadv_20091111.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/05/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/05/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/05/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/05/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/06/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/06/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/07/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/07/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/20/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/23/10","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/23/10"},{"reference_url":"http://www.opera.com/docs/changelogs/unix/1060","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.opera.com/docs/changelogs/unix/1060"},{"reference_url":"http://www.opera.com/support/search/view/944","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.opera.com/support/search/view/944"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"},{"reference_url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0130.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0130.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0155.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0155.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0165.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0165.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0167.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0167.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0337.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0337.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0338.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0338.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0339.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0339.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0768.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0768.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0770.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0770.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0786.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0786.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0807.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0807.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0865.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0865.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0986.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0986.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0987.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0987.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0880.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2011-0880.html"},{"reference_url":"http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"},{"reference_url":"http://www.tombom.co.uk/blog/?p=85","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.tombom.co.uk/blog/?p=85"},{"reference_url":"http://www.ubuntu.com/usn/USN-1010-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-1010-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-927-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-927-4"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-927-5"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-222A.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-222A.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-287A.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-287A.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2010-0019.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vmware.com/security/advisories/VMSA-2010-0019.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0032","reference_id":"0032","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0032"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0033","reference_id":"0033","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0033"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0086","reference_id":"0086","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0086"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0086","reference_id":"0086","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0086"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0173","reference_id":"0173","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0173"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0748","reference_id":"0748","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0748"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0848","reference_id":"0848","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0848"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0916","reference_id":"0916","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0916"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0933","reference_id":"0933","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0933"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0982","reference_id":"0982","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0982"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0994","reference_id":"0994","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0994"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1054","reference_id":"1054","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1054"},{"reference_url":"http://www.opera.com/docs/changelogs/unix/1060/","reference_id":"1060","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.opera.com/docs/changelogs/unix/1060/"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1191","reference_id":"1191","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1191"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1350","reference_id":"1350","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1350"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1639","reference_id":"1639","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1639"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1673","reference_id":"1673","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1673"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1793","reference_id":"1793","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1793"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2010","reference_id":"2010","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2010"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2745","reference_id":"2745","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2745"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3069","reference_id":"3069","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3069"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3086","reference_id":"3086","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3086"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3126","reference_id":"3126","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3126"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3164","reference_id":"3164","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3164"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3165","reference_id":"3165","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3165"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3205","reference_id":"3205","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3205"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3220","reference_id":"3220","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3220"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3310","reference_id":"3310","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3310"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3313","reference_id":"3313","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3313"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3353","reference_id":"3353","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3353"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3354","reference_id":"3354","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3354"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3484","reference_id":"3484","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3484"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3521","reference_id":"3521","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3521"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3587","reference_id":"3587","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3587"},{"reference_url":"http://www.securityfocus.com/bid/36935","reference_id":"36935","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/bid/36935"},{"reference_url":"http://secunia.com/advisories/37291","reference_id":"37291","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37291"},{"reference_url":"http://secunia.com/advisories/37292","reference_id":"37292","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37292"},{"reference_url":"http://secunia.com/advisories/37320","reference_id":"37320","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37320"},{"reference_url":"http://secunia.com/advisories/37383","reference_id":"37383","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37383"},{"reference_url":"http://secunia.com/advisories/37399","reference_id":"37399","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37399"},{"reference_url":"http://secunia.com/advisories/37453","reference_id":"37453","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37453"},{"reference_url":"http://secunia.com/advisories/37501","reference_id":"37501","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37501"},{"reference_url":"http://secunia.com/advisories/37504","reference_id":"37504","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37504"},{"reference_url":"http://secunia.com/advisories/37604","reference_id":"37604","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37604"},{"reference_url":"http://secunia.com/advisories/37640","reference_id":"37640","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37640"},{"reference_url":"http://secunia.com/advisories/37656","reference_id":"37656","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37656"},{"reference_url":"http://secunia.com/advisories/37675","reference_id":"37675","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37675"},{"reference_url":"http://secunia.com/advisories/37859","reference_id":"37859","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37859"},{"reference_url":"http://secunia.com/advisories/38003","reference_id":"38003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38003"},{"reference_url":"http://secunia.com/advisories/38020","reference_id":"38020","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38020"},{"reference_url":"http://secunia.com/advisories/38056","reference_id":"38056","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38056"},{"reference_url":"http://secunia.com/advisories/38241","reference_id":"38241","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38241"},{"reference_url":"http://secunia.com/advisories/38484","reference_id":"38484","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38484"},{"reference_url":"http://secunia.com/advisories/38687","reference_id":"38687","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38687"},{"reference_url":"http://secunia.com/advisories/38781","reference_id":"38781","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38781"},{"reference_url":"http://secunia.com/advisories/39127","reference_id":"39127","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39127"},{"reference_url":"http://secunia.com/advisories/39136","reference_id":"39136","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39136"},{"reference_url":"http://secunia.com/advisories/39242","reference_id":"39242","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39242"},{"reference_url":"http://secunia.com/advisories/39243","reference_id":"39243","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39243"},{"reference_url":"http://secunia.com/advisories/39278","reference_id":"39278","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39278"},{"reference_url":"http://secunia.com/advisories/39292","reference_id":"39292","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39292"},{"reference_url":"http://secunia.com/advisories/39317","reference_id":"39317","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39317"},{"reference_url":"http://secunia.com/advisories/39461","reference_id":"39461","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39461"},{"reference_url":"http://secunia.com/advisories/39500","reference_id":"39500","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39500"},{"reference_url":"http://secunia.com/advisories/39628","reference_id":"39628","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39628"},{"reference_url":"http://secunia.com/advisories/39632","reference_id":"39632","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39632"},{"reference_url":"http://secunia.com/advisories/39713","reference_id":"39713","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39713"},{"reference_url":"http://secunia.com/advisories/39819","reference_id":"39819","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39819"},{"reference_url":"http://secunia.com/advisories/40070","reference_id":"40070","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40070"},{"reference_url":"http://secunia.com/advisories/40545","reference_id":"40545","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40545"},{"reference_url":"http://secunia.com/advisories/40747","reference_id":"40747","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40747"},{"reference_url":"http://secunia.com/advisories/40866","reference_id":"40866","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40866"},{"reference_url":"http://secunia.com/advisories/41480","reference_id":"41480","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41480"},{"reference_url":"http://secunia.com/advisories/41490","reference_id":"41490","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41490"},{"reference_url":"http://secunia.com/advisories/41818","reference_id":"41818","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41818"},{"reference_url":"http://secunia.com/advisories/41967","reference_id":"41967","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41967"},{"reference_url":"http://secunia.com/advisories/41972","reference_id":"41972","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41972"},{"reference_url":"http://secunia.com/advisories/42377","reference_id":"42377","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42377"},{"reference_url":"http://secunia.com/advisories/42379","reference_id":"42379","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42379"},{"reference_url":"http://secunia.com/advisories/42467","reference_id":"42467","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42467"},{"reference_url":"http://secunia.com/advisories/42724","reference_id":"42724","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42724"},{"reference_url":"http://secunia.com/advisories/42733","reference_id":"42733","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42733"},{"reference_url":"http://secunia.com/advisories/42808","reference_id":"42808","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42808"},{"reference_url":"http://secunia.com/advisories/42811","reference_id":"42811","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42811"},{"reference_url":"http://secunia.com/advisories/42816","reference_id":"42816","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42816"},{"reference_url":"http://secunia.com/advisories/43308","reference_id":"43308","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/43308"},{"reference_url":"http://secunia.com/advisories/44954","reference_id":"44954","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/44954"},{"reference_url":"http://secunia.com/advisories/48577","reference_id":"48577","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/48577"},{"reference_url":"http://www.securityfocus.com/archive/1/522176","reference_id":"522176","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/522176"},{"reference_url":"http://osvdb.org/60521","reference_id":"60521","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/60521"},{"reference_url":"http://osvdb.org/60972","reference_id":"60972","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/60972"},{"reference_url":"http://osvdb.org/62210","reference_id":"62210","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/62210"},{"reference_url":"http://osvdb.org/65202","reference_id":"65202","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/65202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649","reference_id":"765649","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649"},{"reference_url":"http://www.opera.com/support/search/view/944/","reference_id":"944","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.opera.com/support/search/view/944/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py","reference_id":"CVE-2009-3555","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt","reference_id":"CVE-2009-3555;OSVDB-59970","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt"},{"reference_url":"https://www.securityfocus.com/bid/35888/info","reference_id":"CVE-2009-3555;OSVDB-59970","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35888/info"},{"reference_url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E","reference_id":"f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6","reference_id":"GHSA-f7w7-6pjc-wwm6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6"},{"reference_url":"https://security.gentoo.org/glsa/200912-01","reference_id":"GLSA-200912-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-01"},{"reference_url":"https://security.gentoo.org/glsa/201006-18","reference_id":"GLSA-201006-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-18"},{"reference_url":"https://security.gentoo.org/glsa/201110-05","reference_id":"GLSA-201110-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-05"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"},{"reference_url":"https://security.gentoo.org/glsa/201206-18","reference_id":"GLSA-201206-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-18"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201309-15","reference_id":"GLSA-201309-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-15"},{"reference_url":"https://security.gentoo.org/glsa/201311-13","reference_id":"GLSA-201311-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-13"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"http://securitytracker.com/id?1023148","reference_id":"id?1023148","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://securitytracker.com/id?1023148"},{"reference_url":"http://www.securitytracker.com/id?1023163","reference_id":"id?1023163","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023163"},{"reference_url":"http://www.securitytracker.com/id?1023204","reference_id":"id?1023204","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023204"},{"reference_url":"http://www.securitytracker.com/id?1023205","reference_id":"id?1023205","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023205"},{"reference_url":"http://www.securitytracker.com/id?1023206","reference_id":"id?1023206","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023206"},{"reference_url":"http://www.securitytracker.com/id?1023207","reference_id":"id?1023207","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023207"},{"reference_url":"http://www.securitytracker.com/id?1023208","reference_id":"id?1023208","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023208"},{"reference_url":"http://www.securitytracker.com/id?1023209","reference_id":"id?1023209","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023209"},{"reference_url":"http://www.securitytracker.com/id?1023210","reference_id":"id?1023210","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023210"},{"reference_url":"http://www.securitytracker.com/id?1023211","reference_id":"id?1023211","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023211"},{"reference_url":"http://www.securitytracker.com/id?1023212","reference_id":"id?1023212","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023212"},{"reference_url":"http://www.securitytracker.com/id?1023213","reference_id":"id?1023213","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023213"},{"reference_url":"http://www.securitytracker.com/id?1023214","reference_id":"id?1023214","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023214"},{"reference_url":"http://www.securitytracker.com/id?1023215","reference_id":"id?1023215","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023215"},{"reference_url":"http://www.securitytracker.com/id?1023216","reference_id":"id?1023216","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023216"},{"reference_url":"http://www.securitytracker.com/id?1023217","reference_id":"id?1023217","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023217"},{"reference_url":"http://www.securitytracker.com/id?1023218","reference_id":"id?1023218","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023218"},{"reference_url":"http://www.securitytracker.com/id?1023219","reference_id":"id?1023219","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023219"},{"reference_url":"http://www.securitytracker.com/id?1023224","reference_id":"id?1023224","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023224"},{"reference_url":"http://www.securitytracker.com/id?1023243","reference_id":"id?1023243","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023243"},{"reference_url":"http://www.securitytracker.com/id?1023270","reference_id":"id?1023270","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023270"},{"reference_url":"http://www.securitytracker.com/id?1023271","reference_id":"id?1023271","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023271"},{"reference_url":"http://www.securitytracker.com/id?1023272","reference_id":"id?1023272","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023272"},{"reference_url":"http://www.securitytracker.com/id?1023273","reference_id":"id?1023273","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023273"},{"reference_url":"http://www.securitytracker.com/id?1023274","reference_id":"id?1023274","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023274"},{"reference_url":"http://www.securitytracker.com/id?1023275","reference_id":"id?1023275","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023275"},{"reference_url":"http://www.securitytracker.com/id?1023411","reference_id":"id?1023411","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023411"},{"reference_url":"http://www.securitytracker.com/id?1023426","reference_id":"id?1023426","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023426"},{"reference_url":"http://www.securitytracker.com/id?1023427","reference_id":"id?1023427","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023427"},{"reference_url":"http://www.securitytracker.com/id?1023428","reference_id":"id?1023428","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023428"},{"reference_url":"http://www.securitytracker.com/id?1024789","reference_id":"id?1024789","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1024789"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22","reference_id":"mfsa2010-22","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A10088","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A11578","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A11617","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A7315","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A7478","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A7973","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A8366","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A8535","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"},{"reference_url":"http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html","reference_id":"plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"},{"reference_url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E","reference_id":"re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/archive/1/507952/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/507952/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/508075/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/508075/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/508130/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/508130/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/515055/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/515055/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/1010-1/","reference_id":"USN-1010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1010-1/"},{"reference_url":"https://usn.ubuntu.com/860-1/","reference_id":"USN-860-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/860-1/"},{"reference_url":"https://usn.ubuntu.com/923-1/","reference_id":"USN-923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/923-1/"},{"reference_url":"https://usn.ubuntu.com/927-1/","reference_id":"USN-927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-1/"},{"reference_url":"https://usn.ubuntu.com/927-4/","reference_id":"USN-927-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-4/"},{"reference_url":"https://usn.ubuntu.com/927-6/","reference_id":"USN-927-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-6/"},{"reference_url":"https://usn.ubuntu.com/990-1/","reference_id":"USN-990-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/990-1/"},{"reference_url":"https://usn.ubuntu.com/990-2/","reference_id":"USN-990-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/990-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-3555","GHSA-f7w7-6pjc-wwm6","VU#120541"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znvx-aqbr-2yck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2138?format=json","vulnerability_id":"VCID-zp33-mbkb-aydv","summary":"Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements.  A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem.  This integer is later used in allocating a memory buffer used\nto store the plugin parameters.  Under such conditions, too small a\nbuffer would be created and attacker-controlled data could be written\npast the end of the buffer, potentially resulting in code\nexecution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1214","reference_id":"","reference_type":"","scores":[{"value":"0.0734","scoring_system":"epss","scoring_elements":"0.91814","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1214"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615462","reference_id":"615462","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214","reference_id":"CVE-2010-1214","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py","reference_id":"CVE-2010-1214","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt","reference_id":"CVE-2010-1214;OSVDB-66594","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt"},{"reference_url":"https://www.securityfocus.com/bid/41842/info","reference_id":"CVE-2010-1214;OSVDB-66594","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/41842/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37","reference_id":"mfsa2010-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-1214"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp33-mbkb-aydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2120?format=json","vulnerability_id":"VCID-ztea-k4bh-bug9","summary":"Security researchers David Huang\nand Collin Jackson of Carnegie Mellon University\nCyLab (Silicon Valley campus) reported that the type\nattribute of an <object> tag can override the charset of a\nframed HTML document, even when the document is included across\norigins.  A page could be constructed containing such an\n<object> tag which sets the charset of the framed document to\nUTF-7.  This could potentially allow an attacker to inject UTF-7\nencoded JavaScript into a site, bypassing the site's XSS filters, and\nthen executing the code using the above technique.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2768","reference_id":"","reference_type":"","scores":[{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73827","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630074","reference_id":"630074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768","reference_id":"CVE-2010-2768","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-61","reference_id":"mfsa2010-61","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2010-2768"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztea-k4bh-bug9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2842?format=json","vulnerability_id":"VCID-zxps-xjq5-qyha","summary":"Security researcher Paul Stone reported that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history.Firefox 4 was not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0067","reference_id":"","reference_type":"","scores":[{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.67114","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700644","reference_id":"700644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067","reference_id":"CVE-2011-0067","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14","reference_id":"mfsa2011-14","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2011-0067"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxps-xjq5-qyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2608?format=json","vulnerability_id":"VCID-zy16-tskh-aka5","summary":"Developer and Mozilla community member Wladimir Palant\nreported that cookies marked HTTPOnly were readable by JavaScript via\nthe XMLHttpRequest.getResponseHeader and \nXMLHttpRequest.getAllResponseHeaders APIs.  This vulnerability\nbypasses the security mechanism provided by the HTTPOnly flag which\nintends to restrict JavaScript access to document.cookie.The fix prevents the XMLHttpRequest feature from accessing the\nSet-Cookie and Set-Cookie2 headers of any response\nwhether or not the HTTPOnly flag was set for those cookies.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0357","reference_id":"","reference_type":"","scores":[{"value":"0.0108","scoring_system":"epss","scoring_elements":"0.78144","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483145","reference_id":"483145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357","reference_id":"CVE-2009-0357","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-05","reference_id":"mfsa2009-05","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"},{"reference_url":"https://usn.ubuntu.com/717-2/","reference_id":"USN-717-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-2/"},{"reference_url":"https://usn.ubuntu.com/717-3/","reference_id":"USN-717-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334830?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334831?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/334832?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/334833?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@10.0.11"}],"aliases":["CVE-2009-0357"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy16-tskh-aka5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.14-r1"}