{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","type":"deb","namespace":"debian","name":"firefox","version":"66.0-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"66.0.1-1","latest_non_vulnerable_version":"150.0.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63328?format=json","vulnerability_id":"VCID-23v6-x6d6-buca","summary":"A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9805","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61949","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61895","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61857","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61858","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61924","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61945","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61933","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6196","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61942","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61939","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9805"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23v6-x6d6-buca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63329?format=json","vulnerability_id":"VCID-4555-zn45-mfd8","summary":"A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9806","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56864","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56742","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56801","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56857","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56834","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56888","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56884","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56881","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56799","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.568","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9806"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9806"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4555-zn45-mfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63323?format=json","vulnerability_id":"VCID-7aua-26jh-y3cr","summary":"Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9799","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46299","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46296","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46212","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46278","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46359","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4636","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46365","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46419","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46307","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9799"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9799"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aua-26jh-y3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36911?format=json","vulnerability_id":"VCID-7yw2-2r4n-rugg","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9790.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9790","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72454","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72403","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72399","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72429","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72274","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72315","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72321","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72363","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72372","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7236","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690675","reference_id":"1690675","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690675"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9790"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yw2-2r4n-rugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36910?format=json","vulnerability_id":"VCID-a2k9-85qx-u7cy","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9788.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9788","reference_id":"","reference_type":"","scores":[{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.84059","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83986","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83994","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83998","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.8402","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.84042","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83867","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83881","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83897","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83899","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83922","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83929","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83945","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83939","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83959","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83961","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690674","reference_id":"1690674","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690674"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9788"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2k9-85qx-u7cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63326?format=json","vulnerability_id":"VCID-bxng-uq7z-hubn","summary":"The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9803","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30878","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31335","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30803","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30873","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31474","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31515","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31333","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31421","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31351","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31323","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31031","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30953","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9803"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9803"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxng-uq7z-hubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36923?format=json","vulnerability_id":"VCID-drcd-xhd2-27hn","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9793.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9793.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9793","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60915","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60853","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60866","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60858","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60857","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60713","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60844","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60865","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60851","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60833","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60875","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.6088","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60864","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690678","reference_id":"1690678","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690678"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9793"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drcd-xhd2-27hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63332?format=json","vulnerability_id":"VCID-f2z3-egzk-efgj","summary":"If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown origin\" as the requestee, leading to user confusion about which site is asking for this permission.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9808","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25647","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25879","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25523","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25588","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25943","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25985","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25751","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25874","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25886","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25845","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25774","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25746","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25691","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25683","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25635","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9808"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9808"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2z3-egzk-efgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63325?format=json","vulnerability_id":"VCID-g45q-v1td-9qcz","summary":"If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9802","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43497","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43478","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43713","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43736","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43705","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43688","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4375","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4374","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4361","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43614","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43532","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9802"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9802"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g45q-v1td-9qcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63330?format=json","vulnerability_id":"VCID-gyt6-vfya-pueg","summary":"When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9807","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41829","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41903","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42197","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42188","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42199","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42222","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42185","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42158","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42209","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42184","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42115","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4206","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42054","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41972","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9807"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9807"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyt6-vfya-pueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36912?format=json","vulnerability_id":"VCID-rhzx-ha7x-dfew","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9791.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9791","reference_id":"","reference_type":"","scores":[{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-05-09T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97231","published_at":"2026-04-24T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97232","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97233","published_at":"2026-04-29T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.9724","published_at":"2026-05-05T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97244","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97188","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.972","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97201","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97211","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97216","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38066","scoring_system":"epss","scoring_elements":"0.97228","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690676","reference_id":"1690676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690676"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1791","reference_id":"CVE-2019-9791","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1791"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46613.js","reference_id":"CVE-2019-9791","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46613.js"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9791"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhzx-ha7x-dfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63333?format=json","vulnerability_id":"VCID-t1cv-pb54-xyge","summary":"Mozilla developers and community members Dragana Damjanovic, Emilio Cobos Álvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and André Bargull reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9789","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63419","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63211","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63322","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63367","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6327","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63265","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63316","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63334","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63351","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63298","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63341","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6332","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6334","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63353","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9789"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9789"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1cv-pb54-xyge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63321?format=json","vulnerability_id":"VCID-tff1-6wkz-jyar","summary":"Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9797.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9797","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6524","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65139","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65154","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65195","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65024","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65065","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65114","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65146","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65109","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65145","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65155","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712622","reference_id":"1712622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712622"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1265","reference_id":"RHSA-2019:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1267","reference_id":"RHSA-2019:1267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1269","reference_id":"RHSA-2019:1269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1308","reference_id":"RHSA-2019:1308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1309","reference_id":"RHSA-2019:1309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1310","reference_id":"RHSA-2019:1310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1310"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3997-1/","reference_id":"USN-3997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3997-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9797"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tff1-6wkz-jyar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36924?format=json","vulnerability_id":"VCID-vrvn-krwb-d3dr","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9795.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9795","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72454","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72403","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72399","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72429","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72274","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72315","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72321","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72363","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72372","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7236","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690680","reference_id":"1690680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690680"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9795"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrvn-krwb-d3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36920?format=json","vulnerability_id":"VCID-wwck-cpa8-y3c5","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9792.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9792","reference_id":"","reference_type":"","scores":[{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95346","published_at":"2026-05-09T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95318","published_at":"2026-04-24T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.9532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95338","published_at":"2026-05-07T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95263","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95274","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95279","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95284","published_at":"2026-04-07T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95292","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.953","published_at":"2026-04-12T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95302","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95309","published_at":"2026-04-16T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95313","published_at":"2026-04-18T12:55:00Z"},{"value":"0.18866","scoring_system":"epss","scoring_elements":"0.95317","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690677","reference_id":"1690677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690677"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1794","reference_id":"CVE-2019-9792","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1794"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46939.txt","reference_id":"CVE-2019-9792","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46939.txt"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9792"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwck-cpa8-y3c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36929?format=json","vulnerability_id":"VCID-x4sm-zyc1-ffd4","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9796.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9796","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72454","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72403","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72399","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72429","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72274","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72315","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72321","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72363","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72372","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7236","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690681","reference_id":"1690681","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690681"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0622","reference_id":"RHSA-2019:0622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0623","reference_id":"RHSA-2019:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0680","reference_id":"RHSA-2019:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0681","reference_id":"RHSA-2019:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0966","reference_id":"RHSA-2019:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1144","reference_id":"RHSA-2019:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1144"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"},{"reference_url":"https://usn.ubuntu.com/3927-1/","reference_id":"USN-3927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3927-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9796"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4sm-zyc1-ffd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63331?format=json","vulnerability_id":"VCID-zcdh-q78g-x7gr","summary":"If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9809","reference_id":"","reference_type":"","scores":[{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.6513","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64914","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65039","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65087","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64964","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64991","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65017","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65035","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65025","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64997","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65034","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65044","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65029","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65047","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.6506","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65058","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9809"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://usn.ubuntu.com/3918-1/","reference_id":"USN-3918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-1/"},{"reference_url":"https://usn.ubuntu.com/3918-2/","reference_id":"USN-3918-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3918-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582429?format=json","purl":"pkg:deb/debian/firefox@66.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"}],"aliases":["CVE-2019-9809"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zcdh-q78g-x7gr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@66.0-1%3Fdistro=sid"}