Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/461081?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "firefox-esr", "version": "115.0-r0", "qualifiers": { "arch": "armhf", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "115.0.2-r0", "latest_non_vulnerable_version": "115.6.0-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1060?format=api", "vulnerability_id": "VCID-1944-a6w8-97gq", "summary": "Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40454", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40456", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40429", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40401", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40415", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37206" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1944-a6w8-97gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1062?format=api", "vulnerability_id": "VCID-2q4b-2wng-vyfw", "summary": "A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34204", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34243", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34259", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34224", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34184", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37210" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:25:23Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821886", "reference_id": "show_bug.cgi?id=1821886", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:25:23Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821886" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q4b-2wng-vyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1058?format=api", "vulnerability_id": "VCID-5242-dzsz-4bhq", "summary": "A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38108", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38111", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38083", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38049", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3806", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37204" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37204" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5242-dzsz-4bhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/967?format=api", "vulnerability_id": "VCID-7agd-rce4-pyhf", "summary": "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71303", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71279", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71308", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71294", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71315", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748", "reference_id": "2219748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5450", "reference_id": "dsa-5450", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5450" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5451", "reference_id": "dsa-5451", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5451" }, { "reference_url": "https://security.gentoo.org/glsa/202402-25", "reference_id": "GLSA-202402-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4062", "reference_id": "RHSA-2023:4062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4063", "reference_id": "RHSA-2023:4063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4064", "reference_id": "RHSA-2023:4064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4065", "reference_id": "RHSA-2023:4065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4066", "reference_id": "RHSA-2023:4066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4067", "reference_id": "RHSA-2023:4067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4068", "reference_id": "RHSA-2023:4068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4069", "reference_id": "RHSA-2023:4069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4070", "reference_id": "RHSA-2023:4070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4071", "reference_id": "RHSA-2023:4071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4072", "reference_id": "RHSA-2023:4072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4073", "reference_id": "RHSA-2023:4073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4074", "reference_id": "RHSA-2023:4074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4075", "reference_id": "RHSA-2023:4075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4076", "reference_id": "RHSA-2023:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4079", "reference_id": "RHSA-2023:4079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4079" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1834711", "reference_id": "show_bug.cgi?id=1834711", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T14:17:49Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1834711" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" }, { "reference_url": "https://usn.ubuntu.com/6214-1/", "reference_id": "USN-6214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6214-1/" }, { "reference_url": "https://usn.ubuntu.com/6227-1/", "reference_id": "USN-6227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37202" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7agd-rce4-pyhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/968?format=api", "vulnerability_id": "VCID-8wq1-tau9-4yhv", "summary": "A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37207.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62143", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62126", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62145", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62142", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62153", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749", "reference_id": "2219749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5450", "reference_id": "dsa-5450", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5450" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5451", "reference_id": "dsa-5451", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5451" }, { "reference_url": "https://security.gentoo.org/glsa/202402-25", "reference_id": "GLSA-202402-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4062", "reference_id": "RHSA-2023:4062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4063", "reference_id": "RHSA-2023:4063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4064", "reference_id": "RHSA-2023:4064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4065", "reference_id": "RHSA-2023:4065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4066", "reference_id": "RHSA-2023:4066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4067", "reference_id": "RHSA-2023:4067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4068", "reference_id": "RHSA-2023:4068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4069", "reference_id": "RHSA-2023:4069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4070", "reference_id": "RHSA-2023:4070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4071", "reference_id": "RHSA-2023:4071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4072", "reference_id": "RHSA-2023:4072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4073", "reference_id": "RHSA-2023:4073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4074", "reference_id": "RHSA-2023:4074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4075", "reference_id": "RHSA-2023:4075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4076", "reference_id": "RHSA-2023:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4079", "reference_id": "RHSA-2023:4079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4079" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816287", "reference_id": "show_bug.cgi?id=1816287", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816287" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" }, { "reference_url": "https://usn.ubuntu.com/6214-1/", "reference_id": "USN-6214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37207" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wq1-tau9-4yhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1057?format=api", "vulnerability_id": "VCID-an5t-gfny-qbep", "summary": "Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15076", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14944", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15027", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15067", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14969", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37203" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:15:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=291640", "reference_id": "show_bug.cgi?id=291640", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:15:50Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=291640" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an5t-gfny-qbep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1063?format=api", "vulnerability_id": "VCID-d6zn-7wxb-jucc", "summary": "Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48937", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48945", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48927", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48897", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48912", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37212" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6zn-7wxb-jucc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1056?format=api", "vulnerability_id": "VCID-k1xc-5bbg-tfca", "summary": "When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42347", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42387", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42398", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42372", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42338", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3482" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-12T20:14:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839464", "reference_id": "show_bug.cgi?id=1839464", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-12T20:14:31Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839464" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-3482" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1xc-5bbg-tfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/969?format=api", "vulnerability_id": "VCID-k7bk-kyma-gqh3", "summary": "When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37208.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15277", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15251", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15384", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15335", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15375", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750", "reference_id": "2219750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5450", "reference_id": "dsa-5450", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5450" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5451", "reference_id": "dsa-5451", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5451" }, { "reference_url": "https://security.gentoo.org/glsa/202402-25", "reference_id": "GLSA-202402-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4062", "reference_id": "RHSA-2023:4062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4063", "reference_id": "RHSA-2023:4063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4064", "reference_id": "RHSA-2023:4064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4065", "reference_id": "RHSA-2023:4065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4066", "reference_id": "RHSA-2023:4066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4067", "reference_id": "RHSA-2023:4067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4068", "reference_id": "RHSA-2023:4068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4069", "reference_id": "RHSA-2023:4069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4070", "reference_id": "RHSA-2023:4070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4071", "reference_id": "RHSA-2023:4071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4072", "reference_id": "RHSA-2023:4072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4073", "reference_id": "RHSA-2023:4073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4074", "reference_id": "RHSA-2023:4074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4075", "reference_id": "RHSA-2023:4075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4076", "reference_id": "RHSA-2023:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4079", "reference_id": "RHSA-2023:4079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4079" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837675", "reference_id": "show_bug.cgi?id=1837675", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837675" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" }, { "reference_url": "https://usn.ubuntu.com/6214-1/", "reference_id": "USN-6214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37208" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7bk-kyma-gqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1059?format=api", "vulnerability_id": "VCID-v2eg-7ggp-s7fm", "summary": "The use of RTL Arabic characters in the address bar may have allowed for URL spoofing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42369", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42343", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42309", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42317", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37205" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2eg-7ggp-s7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/966?format=api", "vulnerability_id": "VCID-w1jb-tadw-9yc8", "summary": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00758", "scoring_system": "epss", "scoring_elements": "0.73701", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00758", "scoring_system": "epss", "scoring_elements": "0.73675", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00758", "scoring_system": "epss", "scoring_elements": "0.73699", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00758", "scoring_system": "epss", "scoring_elements": "0.73689", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00758", "scoring_system": "epss", "scoring_elements": "0.73702", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747", "reference_id": "2219747", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5450", "reference_id": "dsa-5450", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5450" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5451", "reference_id": "dsa-5451", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5451" }, { "reference_url": "https://security.gentoo.org/glsa/202402-25", "reference_id": "GLSA-202402-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4062", "reference_id": "RHSA-2023:4062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4063", "reference_id": "RHSA-2023:4063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4064", "reference_id": "RHSA-2023:4064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4065", "reference_id": "RHSA-2023:4065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4066", "reference_id": "RHSA-2023:4066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4067", "reference_id": "RHSA-2023:4067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4068", "reference_id": "RHSA-2023:4068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4069", "reference_id": "RHSA-2023:4069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4070", "reference_id": "RHSA-2023:4070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4071", "reference_id": "RHSA-2023:4071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4072", "reference_id": "RHSA-2023:4072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4073", "reference_id": "RHSA-2023:4073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4074", "reference_id": "RHSA-2023:4074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4075", "reference_id": "RHSA-2023:4075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4076", "reference_id": "RHSA-2023:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4079", "reference_id": "RHSA-2023:4079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4079" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002", "reference_id": "show_bug.cgi?id=1826002", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" }, { "reference_url": "https://usn.ubuntu.com/6214-1/", "reference_id": "USN-6214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37201" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1jb-tadw-9yc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1061?format=api", "vulnerability_id": "VCID-xxsj-tqme-zyep", "summary": "A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48325", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48328", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4831", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48282", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48294", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37209" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxsj-tqme-zyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/970?format=api", "vulnerability_id": "VCID-ywgd-1nj5-97et", "summary": "Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66312", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66294", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66314", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66307", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66323", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751", "reference_id": "2219751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450", "reference_id": "buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5450", "reference_id": "dsa-5450", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5450" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5451", "reference_id": "dsa-5451", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5451" }, { "reference_url": "https://security.gentoo.org/glsa/202402-25", "reference_id": "GLSA-202402-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-22" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", "reference_id": "mfsa2023-22", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", "reference_id": "mfsa2023-23", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-24" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", "reference_id": "mfsa2023-24", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4062", "reference_id": "RHSA-2023:4062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4063", "reference_id": "RHSA-2023:4063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4064", "reference_id": "RHSA-2023:4064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4065", "reference_id": "RHSA-2023:4065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4066", "reference_id": "RHSA-2023:4066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4067", "reference_id": "RHSA-2023:4067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4068", "reference_id": "RHSA-2023:4068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4069", "reference_id": "RHSA-2023:4069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4070", "reference_id": "RHSA-2023:4070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4071", "reference_id": "RHSA-2023:4071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4072", "reference_id": "RHSA-2023:4072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4073", "reference_id": "RHSA-2023:4073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4074", "reference_id": "RHSA-2023:4074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4075", "reference_id": "RHSA-2023:4075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4076", "reference_id": "RHSA-2023:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4079", "reference_id": "RHSA-2023:4079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4079" }, { "reference_url": "https://usn.ubuntu.com/6201-1/", "reference_id": "USN-6201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6201-1/" }, { "reference_url": "https://usn.ubuntu.com/6214-1/", "reference_id": "USN-6214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6214-1/" }, { "reference_url": "https://usn.ubuntu.com/6227-1/", "reference_id": "USN-6227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461081?format=api", "purl": "pkg:apk/alpine/firefox-esr@115.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-37211" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywgd-1nj5-97et" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }