Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie

Type deb

Namespace debian

Name firefox-esr

Version 102.3.0esr-1~deb11u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 102.3.0esr-1

Latest_non_vulnerable_version 140.11.0esr-1~deb13u1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3gcu-sc6a-qqh2

vulnerability_id VCID-3gcu-sc6a-qqh2

summary Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40960.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40960

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.36813
published_at	2026-06-12T12:55:00Z

value	0.00159
scoring_system	epss
scoring_elements	0.36634
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2128793
reference_id	2128793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2128793

reference_url	https://security.gentoo.org/glsa/202209-18
reference_id	GLSA-202209-18
reference_type
scores
url	https://security.gentoo.org/glsa/202209-18

reference_url	https://security.gentoo.org/glsa/202209-27
reference_id	GLSA-202209-27
reference_type
scores
url	https://security.gentoo.org/glsa/202209-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:26Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:26Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:26Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1787633

reference_id

show_bug.cgi?id=1787633

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:51:26Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1787633

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-40960

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gcu-sc6a-qqh2

url VCID-a774-2r3b-17ek

vulnerability_id VCID-a774-2r3b-17ek

summary By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40958.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40958.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40958

reference_id

reference_type

scores

value	0.00259
scoring_system	epss
scoring_elements	0.49708
published_at	2026-06-12T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49572
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2128794
reference_id	2128794
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2128794

reference_url	https://security.gentoo.org/glsa/202209-18
reference_id	GLSA-202209-18
reference_type
scores
url	https://security.gentoo.org/glsa/202209-18

reference_url	https://security.gentoo.org/glsa/202209-27
reference_id	GLSA-202209-27
reference_type
scores
url	https://security.gentoo.org/glsa/202209-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:54:50Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:54:50Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:54:50Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1779993

reference_id

show_bug.cgi?id=1779993

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:54:50Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1779993

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-40958

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a774-2r3b-17ek

url VCID-fw8u-wqws-13eq

vulnerability_id VCID-fw8u-wqws-13eq

summary Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40962.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40962.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40962

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.51495
published_at	2026-06-12T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51363
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2128797
reference_id	2128797
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2128797

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1776655%2C1777574%2C1784835%2C1785109%2C1786502%2C1789440

reference_id

buglist.cgi?bug_id=1776655%2C1777574%2C1784835%2C1785109%2C1786502%2C1789440

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:48:20Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1776655%2C1777574%2C1784835%2C1785109%2C1786502%2C1789440

reference_url	https://security.gentoo.org/glsa/202209-18
reference_id	GLSA-202209-18
reference_type
scores
url	https://security.gentoo.org/glsa/202209-18

reference_url	https://security.gentoo.org/glsa/202209-27
reference_id	GLSA-202209-27
reference_type
scores
url	https://security.gentoo.org/glsa/202209-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:48:20Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:48:20Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:48:20Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-40962

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fw8u-wqws-13eq

url VCID-jvxk-8ke5-wqhb

vulnerability_id VCID-jvxk-8ke5-wqhb

summary Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40957.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40957.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40957

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38112
published_at	2026-06-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37935
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2128796
reference_id	2128796
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2128796

reference_url	https://security.gentoo.org/glsa/202209-18
reference_id	GLSA-202209-18
reference_type
scores
url	https://security.gentoo.org/glsa/202209-18

reference_url	https://security.gentoo.org/glsa/202209-27
reference_id	GLSA-202209-27
reference_type
scores
url	https://security.gentoo.org/glsa/202209-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:09:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:09:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:09:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1777604

reference_id

show_bug.cgi?id=1777604

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:09:12Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1777604

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-40957

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvxk-8ke5-wqhb

url VCID-xzf3-4htv-dqe5

vulnerability_id VCID-xzf3-4htv-dqe5

summary When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40956.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40956.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40956

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37999
published_at	2026-06-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37823
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2128795
reference_id	2128795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2128795

reference_url	https://security.gentoo.org/glsa/202209-18
reference_id	GLSA-202209-18
reference_type
scores
url	https://security.gentoo.org/glsa/202209-18

reference_url	https://security.gentoo.org/glsa/202209-27
reference_id	GLSA-202209-27
reference_type
scores
url	https://security.gentoo.org/glsa/202209-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:10:59Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:10:59Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:10:59Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1770094

reference_id

show_bug.cgi?id=1770094

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:10:59Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1770094

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-40956

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzf3-4htv-dqe5

url VCID-zdgn-hr6e-jyfu

vulnerability_id VCID-zdgn-hr6e-jyfu

summary During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40959.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40959

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.33208
published_at	2026-06-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33026
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2128792
reference_id	2128792
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2128792

reference_url	https://security.gentoo.org/glsa/202209-18
reference_id	GLSA-202209-18
reference_type
scores
url	https://security.gentoo.org/glsa/202209-18

reference_url	https://security.gentoo.org/glsa/202209-27
reference_id	GLSA-202209-27
reference_type
scores
url	https://security.gentoo.org/glsa/202209-27

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:53:23Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:53:23Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:53:23Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1782211

reference_id

show_bug.cgi?id=1782211

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:53:23Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1782211

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-40959

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdgn-hr6e-jyfu

url VCID-zrm7-jhb2-8bfg

vulnerability_id VCID-zrm7-jhb2-8bfg

summary An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3266.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3266.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3266

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24517
published_at	2026-06-12T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24323
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3266

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2157739
reference_id	2157739
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2157739

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_id

mfsa2022-40

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-40

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_id

mfsa2022-40

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:57:13Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-40/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_id

mfsa2022-41

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_id

mfsa2022-41

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:57:13Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-41/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_id

mfsa2022-42

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-42

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_id

mfsa2022-42

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:57:13Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-42/

reference_url	https://access.redhat.com/errata/RHSA-2022:6700
reference_id	RHSA-2022:6700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6700

reference_url	https://access.redhat.com/errata/RHSA-2022:6701
reference_id	RHSA-2022:6701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6701

reference_url	https://access.redhat.com/errata/RHSA-2022:6702
reference_id	RHSA-2022:6702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6702

reference_url	https://access.redhat.com/errata/RHSA-2022:6703
reference_id	RHSA-2022:6703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6703

reference_url	https://access.redhat.com/errata/RHSA-2022:6707
reference_id	RHSA-2022:6707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6707

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6711
reference_id	RHSA-2022:6711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6711

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1767360

reference_id

show_bug.cgi?id=1767360

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:57:13Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1767360

reference_url	https://usn.ubuntu.com/5649-1/
reference_id	USN-5649-1
reference_type
scores
url	https://usn.ubuntu.com/5649-1/

reference_url	https://usn.ubuntu.com/5724-1/
reference_id	USN-5724-1
reference_type
scores
url	https://usn.ubuntu.com/5724-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@102.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zj6v-hmj8-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2022-3266

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrm7-jhb2-8bfg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.3.0esr-1~deb11u1%3Fdistro=trixie

Package Instance