Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582224?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "type": "deb", "namespace": "debian", "name": "firefox", "version": "147.0-1", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "147.0.2-1", "latest_non_vulnerable_version": "150.0.3-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62766?format=api", "vulnerability_id": "VCID-6cx1-8t9m-u3av", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04873", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04867", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04822", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04784", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04788", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04763", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04551", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04541", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04566", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978", "reference_id": "2428978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658", "reference_id": "show_bug.cgi?id=2005658", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0886" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cx1-8t9m-u3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62767?format=api", "vulnerability_id": "VCID-8u4y-zrhv-8fe9", "summary": "Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02915", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02691", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02701", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02794", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02851", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02823", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02839", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02872", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02883", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02884", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02714", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02737", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972", "reference_id": "2428972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500", "reference_id": "show_bug.cgi?id=2006500", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0887" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u4y-zrhv-8fe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62790?format=api", "vulnerability_id": "VCID-9gcc-mnu4-jkf5", "summary": "Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0889.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0889.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06563", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0628", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06306", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06448", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06522", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06534", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06546", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0608", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06121", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06159", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0615", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06146", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06099", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0611", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428964", "reference_id": "2428964", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428964" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:30:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:30:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999084", "reference_id": "show_bug.cgi?id=1999084", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:30:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999084" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0889" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gcc-mnu4-jkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62761?format=api", "vulnerability_id": "VCID-a98z-hwzc-wkcj", "summary": "Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05922", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05914", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05913", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05901", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05757", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966", "reference_id": "2428966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125", "reference_id": "show_bug.cgi?id=1924125", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0882" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a98z-hwzc-wkcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62768?format=api", "vulnerability_id": "VCID-deth-9krh-kufj", "summary": "Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04242", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03981", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03993", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04132", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0415", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04185", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04153", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0418", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04217", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04222", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04225", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04028", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04048", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971", "reference_id": "2428971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081", "reference_id": "show_bug.cgi?id=2005081", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0890" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deth-9krh-kufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62764?format=api", "vulnerability_id": "VCID-h2gc-zk2a-1fg6", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07436", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07187", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07178", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07115", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07216", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07196", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07167", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07181", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07336", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07409", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07388", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07402", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07117", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967", "reference_id": "2428967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588", "reference_id": "show_bug.cgi?id=2003588", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0884" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-zk2a-1fg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62765?format=api", "vulnerability_id": "VCID-jybh-8px4-pqau", "summary": "Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06103", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05726", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0572", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05676", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05868", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05904", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05915", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05929", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06019", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06093", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06096", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05657", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05729", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961", "reference_id": "2428961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607", "reference_id": "show_bug.cgi?id=2003607", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0885" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jybh-8px4-pqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62788?format=api", "vulnerability_id": "VCID-n8j8-h4yf-jffz", "summary": "Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08406", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08262", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08201", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08166", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08139", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08273", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0834", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0832", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0835", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08183", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08247", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08238", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08221", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08116", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0881" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428970", "reference_id": "2428970", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428970" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:29:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:29:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005845", "reference_id": "show_bug.cgi?id=2005845", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:29:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005845" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0881" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8j8-h4yf-jffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62758?format=api", "vulnerability_id": "VCID-ndd4-kd1y-z7ep", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08003", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07739", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07821", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07789", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07767", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07874", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07942", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0793", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07955", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07827", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07783", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965", "reference_id": "2428965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989", "reference_id": "show_bug.cgi?id=2003989", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0878" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndd4-kd1y-z7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62769?format=api", "vulnerability_id": "VCID-nkpq-9gd6-nuc4", "summary": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07116", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06643", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06742", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06662", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06826", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06845", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06821", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0686", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07013", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.071", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07081", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07096", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963", "reference_id": "2428963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_id": "buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkpq-9gd6-nuc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62759?format=api", "vulnerability_id": "VCID-pemg-ndu8-wbbc", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07565", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07528", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07331", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07319", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07229", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07513", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0753", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07462", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07313", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07299", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07325", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07309", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973", "reference_id": "2428973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602", "reference_id": "show_bug.cgi?id=2004602", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0879" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pemg-ndu8-wbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62760?format=api", "vulnerability_id": "VCID-qm8f-f8nr-qba9", "summary": "Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05922", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05914", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05913", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05901", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05757", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975", "reference_id": "2428975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014", "reference_id": "show_bug.cgi?id=2005014", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0880" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm8f-f8nr-qba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62757?format=api", "vulnerability_id": "VCID-t2c3-smqc-zkba", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06751", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0672", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06302", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06704", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06696", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06632", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06504", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06481", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06468", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06445", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06429", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0627", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06278", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969", "reference_id": "2428969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257", "reference_id": "show_bug.cgi?id=1999257", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0877" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2c3-smqc-zkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62789?format=api", "vulnerability_id": "VCID-uq72-gmg1-uyem", "summary": "Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0888.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0888.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02672", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02584", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02573", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02561", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02622", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02591", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02609", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02647", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02644", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02646", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02485", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02501", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02499", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02488", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02487", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02471", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02477", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0888" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428962", "reference_id": "2428962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428962" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:29:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:29:19Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1985996", "reference_id": "show_bug.cgi?id=1985996", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:29:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1985996" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0888" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uq72-gmg1-uyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62791?format=api", "vulnerability_id": "VCID-z4ej-1821-k7dp", "summary": "Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0892.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0892.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06523", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06219", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06233", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06265", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06274", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06294", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06408", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06482", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06494", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06505", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06022", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06119", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0611", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06098", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0606", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06071", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0892" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428977", "reference_id": "2428977", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428977" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1986912%2C1996718%2C1999633%2C2001081%2C2004443", "reference_id": "buglist.cgi?bug_id=1986912%2C1996718%2C1999633%2C2001081%2C2004443", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:04Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1986912%2C1996718%2C1999633%2C2001081%2C2004443" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:04Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:04Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0892" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ej-1821-k7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62763?format=api", "vulnerability_id": "VCID-zdxh-fp2e-47dd", "summary": "Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03274", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03094", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03069", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03034", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03165", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03158", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03207", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03195", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03231", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03235", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0324", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03106", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968", "reference_id": "2428968", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340", "reference_id": "show_bug.cgi?id=1989340", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582224?format=api", "purl": "pkg:deb/debian/firefox@147.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076056?format=api", "purl": "pkg:deb/debian/firefox@150.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088670?format=api", "purl": "pkg:deb/debian/firefox@150.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105248?format=api", "purl": "pkg:deb/debian/firefox@150.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1112518?format=api", "purl": "pkg:deb/debian/firefox@150.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-0883" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxh-fp2e-47dd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@147.0-1%3Fdistro=sid" }