Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@97.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 97.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 98.0-1

Latest_non_vulnerable_version 151.0.4-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4cgy-cdyd-sbfq

vulnerability_id VCID-4cgy-cdyd-sbfq

summary If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22754

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23732
published_at	2026-06-12T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23535
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2053236
reference_id	2053236
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2053236

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_id

mfsa2022-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_id

mfsa2022-05

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_id

mfsa2022-06

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_id

mfsa2022-06

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_url	https://access.redhat.com/errata/RHSA-2022:0510
reference_id	RHSA-2022:0510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0510

reference_url	https://access.redhat.com/errata/RHSA-2022:0511
reference_id	RHSA-2022:0511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0511

reference_url	https://access.redhat.com/errata/RHSA-2022:0512
reference_id	RHSA-2022:0512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0512

reference_url	https://access.redhat.com/errata/RHSA-2022:0513
reference_id	RHSA-2022:0513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0513

reference_url	https://access.redhat.com/errata/RHSA-2022:0514
reference_id	RHSA-2022:0514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0514

reference_url	https://access.redhat.com/errata/RHSA-2022:0535
reference_id	RHSA-2022:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0535

reference_url	https://access.redhat.com/errata/RHSA-2022:0536
reference_id	RHSA-2022:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0536

reference_url	https://access.redhat.com/errata/RHSA-2022:0537
reference_id	RHSA-2022:0537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0537

reference_url	https://access.redhat.com/errata/RHSA-2022:0538
reference_id	RHSA-2022:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0538

reference_url	https://access.redhat.com/errata/RHSA-2022:0539
reference_id	RHSA-2022:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0539

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1750565

reference_id

show_bug.cgi?id=1750565

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1750565

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

reference_url	https://usn.ubuntu.com/5345-1/
reference_id	USN-5345-1
reference_type
scores
url	https://usn.ubuntu.com/5345-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22754

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cgy-cdyd-sbfq

url VCID-64km-7by4-bkgf

vulnerability_id VCID-64km-7by4-bkgf

summary If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22759

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.56202
published_at	2026-06-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.56081
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2053242
reference_id	2053242
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2053242

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_id

mfsa2022-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_id

mfsa2022-05

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_id

mfsa2022-06

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_id

mfsa2022-06

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_url	https://access.redhat.com/errata/RHSA-2022:0510
reference_id	RHSA-2022:0510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0510

reference_url	https://access.redhat.com/errata/RHSA-2022:0511
reference_id	RHSA-2022:0511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0511

reference_url	https://access.redhat.com/errata/RHSA-2022:0512
reference_id	RHSA-2022:0512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0512

reference_url	https://access.redhat.com/errata/RHSA-2022:0513
reference_id	RHSA-2022:0513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0513

reference_url	https://access.redhat.com/errata/RHSA-2022:0514
reference_id	RHSA-2022:0514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0514

reference_url	https://access.redhat.com/errata/RHSA-2022:0535
reference_id	RHSA-2022:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0535

reference_url	https://access.redhat.com/errata/RHSA-2022:0536
reference_id	RHSA-2022:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0536

reference_url	https://access.redhat.com/errata/RHSA-2022:0537
reference_id	RHSA-2022:0537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0537

reference_url	https://access.redhat.com/errata/RHSA-2022:0538
reference_id	RHSA-2022:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0538

reference_url	https://access.redhat.com/errata/RHSA-2022:0539
reference_id	RHSA-2022:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0539

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1739957

reference_id

show_bug.cgi?id=1739957

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1739957

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

reference_url	https://usn.ubuntu.com/5345-1/
reference_id	USN-5345-1
reference_type
scores
url	https://usn.ubuntu.com/5345-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22759

risk_score 4.3

exploitability 0.5

weighted_severity 8.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64km-7by4-bkgf

url VCID-6sbt-2pfv-hqhu

vulnerability_id VCID-6sbt-2pfv-hqhu

summary Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0511

reference_id

reference_type

scores

value	0.00369
scoring_system	epss
scoring_elements	0.59205
published_at	2026-06-11T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.59317
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0511

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:43Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-0511

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sbt-2pfv-hqhu

url VCID-akgd-n3sq-ffaz

vulnerability_id VCID-akgd-n3sq-ffaz

summary Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22757

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46694
published_at	2026-06-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46838
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22757

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:31:34Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1720098

reference_id

show_bug.cgi?id=1720098

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:31:34Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1720098

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22757

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akgd-n3sq-ffaz

url VCID-ggpa-3844-zbaj

vulnerability_id VCID-ggpa-3844-zbaj

summary If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22756

reference_id

reference_type

scores

value	0.00464
scoring_system	epss
scoring_elements	0.64871
published_at	2026-06-12T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64769
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2053237
reference_id	2053237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2053237

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_id

mfsa2022-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_id

mfsa2022-05

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_id

mfsa2022-06

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_id

mfsa2022-06

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_url	https://access.redhat.com/errata/RHSA-2022:0510
reference_id	RHSA-2022:0510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0510

reference_url	https://access.redhat.com/errata/RHSA-2022:0511
reference_id	RHSA-2022:0511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0511

reference_url	https://access.redhat.com/errata/RHSA-2022:0512
reference_id	RHSA-2022:0512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0512

reference_url	https://access.redhat.com/errata/RHSA-2022:0513
reference_id	RHSA-2022:0513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0513

reference_url	https://access.redhat.com/errata/RHSA-2022:0514
reference_id	RHSA-2022:0514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0514

reference_url	https://access.redhat.com/errata/RHSA-2022:0535
reference_id	RHSA-2022:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0535

reference_url	https://access.redhat.com/errata/RHSA-2022:0536
reference_id	RHSA-2022:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0536

reference_url	https://access.redhat.com/errata/RHSA-2022:0537
reference_id	RHSA-2022:0537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0537

reference_url	https://access.redhat.com/errata/RHSA-2022:0538
reference_id	RHSA-2022:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0538

reference_url	https://access.redhat.com/errata/RHSA-2022:0539
reference_id	RHSA-2022:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0539

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1317873

reference_id

show_bug.cgi?id=1317873

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1317873

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

reference_url	https://usn.ubuntu.com/5345-1/
reference_id	USN-5345-1
reference_type
scores
url	https://usn.ubuntu.com/5345-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22756

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggpa-3844-zbaj

url VCID-tb32-8bym-g3ab

vulnerability_id VCID-tb32-8bym-g3ab

summary Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22761

reference_id

reference_type

scores

value	0.00348
scoring_system	epss
scoring_elements	0.57859
published_at	2026-06-12T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57747
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2053239
reference_id	2053239
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2053239

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_id

mfsa2022-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_id

mfsa2022-05

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_id

mfsa2022-06

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_id

mfsa2022-06

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_url	https://access.redhat.com/errata/RHSA-2022:0510
reference_id	RHSA-2022:0510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0510

reference_url	https://access.redhat.com/errata/RHSA-2022:0511
reference_id	RHSA-2022:0511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0511

reference_url	https://access.redhat.com/errata/RHSA-2022:0512
reference_id	RHSA-2022:0512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0512

reference_url	https://access.redhat.com/errata/RHSA-2022:0513
reference_id	RHSA-2022:0513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0513

reference_url	https://access.redhat.com/errata/RHSA-2022:0514
reference_id	RHSA-2022:0514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0514

reference_url	https://access.redhat.com/errata/RHSA-2022:0535
reference_id	RHSA-2022:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0535

reference_url	https://access.redhat.com/errata/RHSA-2022:0536
reference_id	RHSA-2022:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0536

reference_url	https://access.redhat.com/errata/RHSA-2022:0537
reference_id	RHSA-2022:0537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0537

reference_url	https://access.redhat.com/errata/RHSA-2022:0538
reference_id	RHSA-2022:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0538

reference_url	https://access.redhat.com/errata/RHSA-2022:0539
reference_id	RHSA-2022:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0539

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1745566

reference_id

show_bug.cgi?id=1745566

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1745566

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

reference_url	https://usn.ubuntu.com/5345-1/
reference_id	USN-5345-1
reference_type
scores
url	https://usn.ubuntu.com/5345-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22761

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tb32-8bym-g3ab

url VCID-xmjf-8t9s-pye2

vulnerability_id VCID-xmjf-8t9s-pye2

summary Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22764

reference_id

reference_type

scores

value	0.00533
scoring_system	epss
scoring_elements	0.67895
published_at	2026-06-12T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67806
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2053243
reference_id	2053243
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2053243

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279

reference_id

buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_id

mfsa2022-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_id

mfsa2022-05

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_id

mfsa2022-06

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_id

mfsa2022-06

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_url	https://access.redhat.com/errata/RHSA-2022:0510
reference_id	RHSA-2022:0510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0510

reference_url	https://access.redhat.com/errata/RHSA-2022:0511
reference_id	RHSA-2022:0511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0511

reference_url	https://access.redhat.com/errata/RHSA-2022:0512
reference_id	RHSA-2022:0512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0512

reference_url	https://access.redhat.com/errata/RHSA-2022:0513
reference_id	RHSA-2022:0513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0513

reference_url	https://access.redhat.com/errata/RHSA-2022:0514
reference_id	RHSA-2022:0514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0514

reference_url	https://access.redhat.com/errata/RHSA-2022:0535
reference_id	RHSA-2022:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0535

reference_url	https://access.redhat.com/errata/RHSA-2022:0536
reference_id	RHSA-2022:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0536

reference_url	https://access.redhat.com/errata/RHSA-2022:0537
reference_id	RHSA-2022:0537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0537

reference_url	https://access.redhat.com/errata/RHSA-2022:0538
reference_id	RHSA-2022:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0538

reference_url	https://access.redhat.com/errata/RHSA-2022:0539
reference_id	RHSA-2022:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0539

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

reference_url	https://usn.ubuntu.com/5345-1/
reference_id	USN-5345-1
reference_type
scores
url	https://usn.ubuntu.com/5345-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22764

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmjf-8t9s-pye2

url VCID-xr76-k5r5-zuda

vulnerability_id VCID-xr76-k5r5-zuda

summary When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22760

reference_id

reference_type

scores

value	0.0026
scoring_system	epss
scoring_elements	0.49804
published_at	2026-06-12T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49668
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2053238
reference_id	2053238
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2053238

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_id

mfsa2022-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_id

mfsa2022-05

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-05/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_id

mfsa2022-06

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-06

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_id

mfsa2022-06

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-06/

reference_url	https://access.redhat.com/errata/RHSA-2022:0510
reference_id	RHSA-2022:0510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0510

reference_url	https://access.redhat.com/errata/RHSA-2022:0511
reference_id	RHSA-2022:0511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0511

reference_url	https://access.redhat.com/errata/RHSA-2022:0512
reference_id	RHSA-2022:0512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0512

reference_url	https://access.redhat.com/errata/RHSA-2022:0513
reference_id	RHSA-2022:0513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0513

reference_url	https://access.redhat.com/errata/RHSA-2022:0514
reference_id	RHSA-2022:0514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0514

reference_url	https://access.redhat.com/errata/RHSA-2022:0535
reference_id	RHSA-2022:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0535

reference_url	https://access.redhat.com/errata/RHSA-2022:0536
reference_id	RHSA-2022:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0536

reference_url	https://access.redhat.com/errata/RHSA-2022:0537
reference_id	RHSA-2022:0537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0537

reference_url	https://access.redhat.com/errata/RHSA-2022:0538
reference_id	RHSA-2022:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0538

reference_url	https://access.redhat.com/errata/RHSA-2022:0539
reference_id	RHSA-2022:0539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0539

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1740985

reference_id

show_bug.cgi?id=1740985

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1740985

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1748503

reference_id

show_bug.cgi?id=1748503

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1748503

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

reference_url	https://usn.ubuntu.com/5345-1/
reference_id	USN-5345-1
reference_type
scores
url	https://usn.ubuntu.com/5345-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22760

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xr76-k5r5-zuda

url VCID-zvy4-4b7w-mqc7

vulnerability_id VCID-zvy4-4b7w-mqc7

summary By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22755

reference_id

reference_type

scores

value	0.00718
scoring_system	epss
scoring_elements	0.72899
published_at	2026-06-11T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72977
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22755

reference_url	https://security.gentoo.org/glsa/202202-03
reference_id	GLSA-202202-03
reference_type
scores
url	https://security.gentoo.org/glsa/202202-03

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_id

mfsa2022-04

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_id

mfsa2022-04

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:40:45Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-04/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1309630

reference_id

show_bug.cgi?id=1309630

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:40:45Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1309630

reference_url	https://usn.ubuntu.com/5284-1/
reference_id	USN-5284-1
reference_type
scores
url	https://usn.ubuntu.com/5284-1/

fixed_packages

url	pkg:deb/debian/firefox@97.0-1?distro=sid
purl	pkg:deb/debian/firefox@97.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.4-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.4-1%3Fdistro=sid

aliases CVE-2022-22755

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvy4-4b7w-mqc7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@97.0-1%3Fdistro=sid

Package Instance