{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","type":"apk","namespace":"alpine","name":"thunderbird","version":"91.6.0-r0","qualifiers":{"arch":"x86","distroversion":"v3.16","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"91.6.2-r0","latest_non_vulnerable_version":"91.11.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1760?format=json","vulnerability_id":"VCID-6k79-gy9s-33h4","summary":"Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22764","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67749","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67753","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67759","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67712","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67733","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053243","reference_id":"2053243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053243"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279","reference_id":"buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22764"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6k79-gy9s-33h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1754?format=json","vulnerability_id":"VCID-9nc3-6nbk-cqgs","summary":"If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22754","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23609","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23592","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23546","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23527","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23494","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2349","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053236","reference_id":"2053236","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053236"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750565","reference_id":"show_bug.cgi?id=1750565","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750565"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22754"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nc3-6nbk-cqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1755?format=json","vulnerability_id":"VCID-h7ha-a8cy-xber","summary":"If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22756","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64706","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64715","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64704","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64712","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64693","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053237","reference_id":"2053237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053237"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317873","reference_id":"show_bug.cgi?id=1317873","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317873"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22756"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7ha-a8cy-xber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1758?format=json","vulnerability_id":"VCID-hg2h-8qks-y3df","summary":"Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22761","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57675","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57665","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57614","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.5767","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57652","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053239","reference_id":"2053239","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053239"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745566","reference_id":"show_bug.cgi?id=1745566","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745566"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22761"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hg2h-8qks-y3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1753?format=json","vulnerability_id":"VCID-m1sa-ecyr-yyem","summary":"A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22753.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22753","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58614","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58615","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58621","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58568","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.586","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053241","reference_id":"2053241","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053241"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1732435","reference_id":"show_bug.cgi?id=1732435","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1732435"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22753"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1sa-ecyr-yyem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1756?format=json","vulnerability_id":"VCID-ntuu-tveg-fbht","summary":"If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22759","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56009","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56015","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55954","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56006","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55985","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053242","reference_id":"2053242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053242"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739957","reference_id":"show_bug.cgi?id=1739957","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739957"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22759"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntuu-tveg-fbht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1757?format=json","vulnerability_id":"VCID-rhs1-h4t5-qfhn","summary":"When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses.  This could have been abused to learn information cross-origin.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22760","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49634","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49562","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49602","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49587","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053238","reference_id":"2053238","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053238"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740985","reference_id":"show_bug.cgi?id=1740985","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740985"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1748503","reference_id":"show_bug.cgi?id=1748503","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1748503"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22760"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhs1-h4t5-qfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1759?format=json","vulnerability_id":"VCID-t6x1-8n3e-13cp","summary":"When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22763.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22763","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66071","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66067","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66019","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66073","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053240","reference_id":"2053240","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053240"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740534","reference_id":"show_bug.cgi?id=1740534","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740534"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409859?format=json","purl":"pkg:apk/alpine/thunderbird@91.6.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2022-22763"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6x1-8n3e-13cp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}