Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/425060?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "thunderbird", "version": "91.6.0-r0", "qualifiers": { "arch": "aarch64", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "91.6.2-r0", "latest_non_vulnerable_version": "128.5.0-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1760?format=api", "vulnerability_id": "VCID-6k79-gy9s-33h4", "summary": "Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67749", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67753", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67759", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67712", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67733", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053243", "reference_id": "2053243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053243" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279", "reference_id": "buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://usn.ubuntu.com/5284-1/", "reference_id": "USN-5284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5284-1/" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22764" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6k79-gy9s-33h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1754?format=api", "vulnerability_id": "VCID-9nc3-6nbk-cqgs", "summary": "If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23609", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23592", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23546", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23527", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23494", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2349", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053236", "reference_id": "2053236", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053236" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750565", "reference_id": "show_bug.cgi?id=1750565", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750565" }, { "reference_url": "https://usn.ubuntu.com/5284-1/", "reference_id": "USN-5284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5284-1/" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22754" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nc3-6nbk-cqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1755?format=api", "vulnerability_id": "VCID-h7ha-a8cy-xber", "summary": "If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64706", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64715", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64704", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64665", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64712", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64693", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053237", "reference_id": "2053237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053237" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317873", "reference_id": "show_bug.cgi?id=1317873", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317873" }, { "reference_url": "https://usn.ubuntu.com/5284-1/", "reference_id": "USN-5284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5284-1/" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22756" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7ha-a8cy-xber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1758?format=api", "vulnerability_id": "VCID-hg2h-8qks-y3df", "summary": "Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57666", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57675", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57665", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57614", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5767", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57652", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053239", "reference_id": "2053239", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053239" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745566", "reference_id": "show_bug.cgi?id=1745566", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745566" }, { "reference_url": "https://usn.ubuntu.com/5284-1/", "reference_id": "USN-5284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5284-1/" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22761" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hg2h-8qks-y3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1753?format=api", "vulnerability_id": "VCID-m1sa-ecyr-yyem", "summary": "A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58614", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58615", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58621", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58568", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.586", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053241", "reference_id": "2053241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053241" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1732435", "reference_id": "show_bug.cgi?id=1732435", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1732435" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22753" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1sa-ecyr-yyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1756?format=api", "vulnerability_id": "VCID-ntuu-tveg-fbht", "summary": "If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56009", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56015", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55954", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56006", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55985", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053242", "reference_id": "2053242", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053242" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739957", "reference_id": "show_bug.cgi?id=1739957", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739957" }, { "reference_url": "https://usn.ubuntu.com/5284-1/", "reference_id": "USN-5284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5284-1/" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22759" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntuu-tveg-fbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1757?format=api", "vulnerability_id": "VCID-rhs1-h4t5-qfhn", "summary": "When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49616", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49634", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49562", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49602", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49587", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053238", "reference_id": "2053238", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053238" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "reference_id": "mfsa2022-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740985", "reference_id": "show_bug.cgi?id=1740985", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740985" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748503", "reference_id": "show_bug.cgi?id=1748503", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748503" }, { "reference_url": "https://usn.ubuntu.com/5284-1/", "reference_id": "USN-5284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5284-1/" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22760" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhs1-h4t5-qfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1759?format=api", "vulnerability_id": "VCID-t6x1-8n3e-13cp", "summary": "When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66071", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66083", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66067", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66073", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66055", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053240", "reference_id": "2053240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053240" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "reference_id": "mfsa2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "reference_id": "mfsa2022-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0510", "reference_id": "RHSA-2022:0510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0511", "reference_id": "RHSA-2022:0511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0512", "reference_id": "RHSA-2022:0512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0513", "reference_id": "RHSA-2022:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0514", "reference_id": "RHSA-2022:0514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0535", "reference_id": "RHSA-2022:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0536", "reference_id": "RHSA-2022:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0537", "reference_id": "RHSA-2022:0537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0538", "reference_id": "RHSA-2022:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0539", "reference_id": "RHSA-2022:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0539" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534", "reference_id": "show_bug.cgi?id=1740534", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534" }, { "reference_url": "https://usn.ubuntu.com/5345-1/", "reference_id": "USN-5345-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5345-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/425060?format=api", "purl": "pkg:apk/alpine/thunderbird@91.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-22763" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6x1-8n3e-13cp" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }