{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","type":"apk","namespace":"alpine","name":"firefox-esr","version":"78.1.0-r0","qualifiers":{"arch":"riscv64","distroversion":"v3.22","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"78.2.0-r0","latest_non_vulnerable_version":"115.6.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1181?format=json","vulnerability_id":"VCID-2et1-ugmu-53fc","summary":"Crafted media files could lead to a race in texture caches, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6463.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6463","reference_id":"","reference_type":"","scores":[{"value":"0.03796","scoring_system":"epss","scoring_elements":"0.88309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03796","scoring_system":"epss","scoring_elements":"0.88306","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03796","scoring_system":"epss","scoring_elements":"0.88287","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840893","reference_id":"1840893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840893"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://security.gentoo.org/glsa/202007-60","reference_id":"GLSA-202007-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-60"},{"reference_url":"https://security.gentoo.org/glsa/202007-64","reference_id":"GLSA-202007-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-64"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31","reference_id":"mfsa2020-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-35","reference_id":"mfsa2020-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1970","reference_id":"RHSA-2020:1970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3229","reference_id":"RHSA-2020:3229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3233","reference_id":"RHSA-2020:3233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3241","reference_id":"RHSA-2020:3241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3253","reference_id":"RHSA-2020:3253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3254","reference_id":"RHSA-2020:3254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3341","reference_id":"RHSA-2020:3341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3342","reference_id":"RHSA-2020:3342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3343","reference_id":"RHSA-2020:3343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3344","reference_id":"RHSA-2020:3344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3345","reference_id":"RHSA-2020:3345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3345"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-6463"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2et1-ugmu-53fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1182?format=json","vulnerability_id":"VCID-4ew2-8ktk-pqbj","summary":"JIT optimizations involving the Javascript arguments object could confuse later optimizations.\nThis risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15656.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15656","reference_id":"","reference_type":"","scores":[{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72247","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72199","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.7224","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15656"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861646","reference_id":"1861646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861646"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15656"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ew2-8ktk-pqbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1177?format=json","vulnerability_id":"VCID-bg75-zcf2-sqh2","summary":"By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15652.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15652","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69503","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69456","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861570","reference_id":"1861570","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861570"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://security.gentoo.org/glsa/202007-60","reference_id":"GLSA-202007-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-60"},{"reference_url":"https://security.gentoo.org/glsa/202007-64","reference_id":"GLSA-202007-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-64"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31","reference_id":"mfsa2020-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-35","reference_id":"mfsa2020-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3229","reference_id":"RHSA-2020:3229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3233","reference_id":"RHSA-2020:3233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3241","reference_id":"RHSA-2020:3241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3253","reference_id":"RHSA-2020:3253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3254","reference_id":"RHSA-2020:3254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3341","reference_id":"RHSA-2020:3341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3342","reference_id":"RHSA-2020:3342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3343","reference_id":"RHSA-2020:3343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3344","reference_id":"RHSA-2020:3344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3345","reference_id":"RHSA-2020:3345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3345"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15652"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg75-zcf2-sqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1186?format=json","vulnerability_id":"VCID-cw2r-5yj4-yqd5","summary":"Mozilla developers and community members Natalia Csoregi, Simon Giesecke, Jason Kratzer, Christian Holler, and Luke Wagner reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15659.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15659","reference_id":"","reference_type":"","scores":[{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.7479","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74784","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74753","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861572","reference_id":"1861572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861572"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://security.gentoo.org/glsa/202007-60","reference_id":"GLSA-202007-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-60"},{"reference_url":"https://security.gentoo.org/glsa/202007-64","reference_id":"GLSA-202007-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-64"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31","reference_id":"mfsa2020-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-35","reference_id":"mfsa2020-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3229","reference_id":"RHSA-2020:3229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3233","reference_id":"RHSA-2020:3233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3241","reference_id":"RHSA-2020:3241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3253","reference_id":"RHSA-2020:3253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3254","reference_id":"RHSA-2020:3254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3341","reference_id":"RHSA-2020:3341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3342","reference_id":"RHSA-2020:3342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3343","reference_id":"RHSA-2020:3343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3344","reference_id":"RHSA-2020:3344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3345","reference_id":"RHSA-2020:3345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3345"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15659"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cw2r-5yj4-yqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1185?format=json","vulnerability_id":"VCID-hm4u-x2dp-rqcz","summary":"When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15654.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15654","reference_id":"","reference_type":"","scores":[{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.6589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.65825","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.65879","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15654"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861649","reference_id":"1861649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861649"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15654"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4u-x2dp-rqcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1180?format=json","vulnerability_id":"VCID-kjrc-x799-ukfr","summary":"Mozilla developer Anne van Kesteren discovered that <iframe sandbox> with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15653.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15653","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60109","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60058","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60105","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15653"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861645","reference_id":"1861645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861645"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15653"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjrc-x799-ukfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1184?format=json","vulnerability_id":"VCID-kny7-1h9q-cueq","summary":"Firefox could be made to load attacker-supplied DLL files from the installation directory.\nThis required an attacker that is already capable of placing files in the installation directory.\n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15657.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15657","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40744","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40822","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40827","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861648","reference_id":"1861648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861648"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kny7-1h9q-cueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1183?format=json","vulnerability_id":"VCID-q4fh-hp1h-xqh1","summary":"The code for downloading files did not properly take care of special characters,\nwhich led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15658.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15658","reference_id":"","reference_type":"","scores":[{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.6589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.65825","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.65879","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861647","reference_id":"1861647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861647"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15658"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4fh-hp1h-xqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1179?format=json","vulnerability_id":"VCID-rme4-tudc-5kd1","summary":"Mozilla Developer Rob Wu discovered that a redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15655.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15655","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61172","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61164","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15655"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861644","reference_id":"1861644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861644"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/361860?format=json","purl":"pkg:apk/alpine/firefox-esr@78.1.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2020-15655"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rme4-tudc-5kd1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@78.1.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}