Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@65.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 65.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 65.0.1-1

Latest_non_vulnerable_version 150.0.1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-8tfc-2aaq-47dk

vulnerability_id VCID-8tfc-2aaq-47dk

summary A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18504

reference_id

reference_type

scores

value	0.02737
scoring_system	epss
scoring_elements	0.86018
published_at	2026-04-29T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85908
published_at	2026-04-01T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85992
published_at	2026-04-16T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85997
published_at	2026-04-18T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85988
published_at	2026-04-21T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.86007
published_at	2026-04-24T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.86017
published_at	2026-04-26T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85919
published_at	2026-04-02T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85936
published_at	2026-04-04T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85938
published_at	2026-04-07T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85956
published_at	2026-04-08T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85966
published_at	2026-04-09T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85981
published_at	2026-04-11T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85979
published_at	2026-04-12T12:55:00Z

value	0.02737
scoring_system	epss
scoring_elements	0.85974
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18504

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	http://www.securityfocus.com/bid/106773
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106773

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18504

reference_id

CVE-2018-18504

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18504

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18504

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tfc-2aaq-47dk

url VCID-ajzz-xqu4-y7fe

vulnerability_id VCID-ajzz-xqu4-y7fe

summary When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18503

reference_id

reference_type

scores

value	0.0201
scoring_system	epss
scoring_elements	0.83773
published_at	2026-04-29T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83632
published_at	2026-04-01T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83697
published_at	2026-04-13T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83732
published_at	2026-04-16T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83733
published_at	2026-04-21T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83757
published_at	2026-04-24T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83765
published_at	2026-04-26T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83645
published_at	2026-04-02T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83659
published_at	2026-04-04T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83661
published_at	2026-04-07T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83685
published_at	2026-04-08T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83692
published_at	2026-04-09T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83708
published_at	2026-04-11T12:55:00Z

value	0.0201
scoring_system	epss
scoring_elements	0.83702
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18503

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	http://www.securityfocus.com/bid/106773
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106773

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18503

reference_id

CVE-2018-18503

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18503

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18503

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajzz-xqu4-y7fe

url VCID-ce3x-bw1m-jyf4

vulnerability_id VCID-ce3x-bw1m-jyf4

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird and
    Firefox, the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18506.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18506.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18506

reference_id

reference_type

scores

value	0.0236
scoring_system	epss
scoring_elements	0.8498
published_at	2026-04-29T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84934
published_at	2026-04-11T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84933
published_at	2026-04-12T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84928
published_at	2026-04-13T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.8495
published_at	2026-04-18T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84947
published_at	2026-04-21T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84973
published_at	2026-04-24T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84982
published_at	2026-04-26T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84851
published_at	2026-04-01T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84866
published_at	2026-04-02T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84884
published_at	2026-04-04T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84886
published_at	2026-04-07T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84909
published_at	2026-04-08T12:55:00Z

value	0.0236
scoring_system	epss
scoring_elements	0.84917
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html

reference_url	https://seclists.org/bugtraq/2019/Apr/0
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/0

reference_url	https://seclists.org/bugtraq/2019/Mar/28
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Mar/28

reference_url	https://www.debian.org/security/2019/dsa-4411
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4411

reference_url	https://www.debian.org/security/2019/dsa-4420
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4420

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	http://www.securityfocus.com/bid/106773
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106773

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1690673
reference_id	1690673
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1690673

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18506

reference_id

CVE-2018-18506

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18506

reference_url	https://security.gentoo.org/glsa/201904-07
reference_id	GLSA-201904-07
reference_type
scores
url	https://security.gentoo.org/glsa/201904-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08

reference_id

mfsa2019-08

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-11

reference_id

mfsa2019-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-11

reference_url	https://access.redhat.com/errata/RHSA-2019:0622
reference_id	RHSA-2019:0622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0622

reference_url	https://access.redhat.com/errata/RHSA-2019:0623
reference_id	RHSA-2019:0623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0623

reference_url	https://access.redhat.com/errata/RHSA-2019:0680
reference_id	RHSA-2019:0680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0680

reference_url	https://access.redhat.com/errata/RHSA-2019:0681
reference_id	RHSA-2019:0681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0681

reference_url	https://access.redhat.com/errata/RHSA-2019:0966
reference_id	RHSA-2019:0966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0966

reference_url	https://access.redhat.com/errata/RHSA-2019:1144
reference_id	RHSA-2019:1144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1144

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

reference_url	https://usn.ubuntu.com/3927-1/
reference_id	USN-3927-1
reference_type
scores
url	https://usn.ubuntu.com/3927-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18506

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce3x-bw1m-jyf4

url VCID-t2pe-y7k4-1ff2

vulnerability_id VCID-t2pe-y7k4-1ff2

summary Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Álvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18502

reference_id

reference_type

scores

value	0.0395
scoring_system	epss
scoring_elements	0.88383
published_at	2026-04-29T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88297
published_at	2026-04-01T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88352
published_at	2026-04-13T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88365
published_at	2026-04-16T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88362
published_at	2026-04-21T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88378
published_at	2026-04-24T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88382
published_at	2026-04-26T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88305
published_at	2026-04-02T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.8832
published_at	2026-04-04T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88324
published_at	2026-04-07T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88344
published_at	2026-04-08T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.8835
published_at	2026-04-09T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.8836
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18502

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	http://www.securityfocus.com/bid/106773
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106773

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18502

reference_id

CVE-2018-18502

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18502

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18502

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2pe-y7k4-1ff2

url VCID-tbu1-adxe-sudv

vulnerability_id VCID-tbu1-adxe-sudv

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird and
    Firefox, the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18501.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18501.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18501

reference_id

reference_type

scores

value	0.04635
scoring_system	epss
scoring_elements	0.89317
published_at	2026-04-29T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89288
published_at	2026-04-12T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89285
published_at	2026-04-13T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89298
published_at	2026-04-16T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89297
published_at	2026-04-18T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89292
published_at	2026-04-21T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89309
published_at	2026-04-24T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89314
published_at	2026-04-26T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89238
published_at	2026-04-01T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89244
published_at	2026-04-02T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89258
published_at	2026-04-04T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89261
published_at	2026-04-07T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89278
published_at	2026-04-08T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89282
published_at	2026-04-09T12:55:00Z

value	0.04635
scoring_system	epss
scoring_elements	0.89291
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

reference_url	https://www.debian.org/security/2019/dsa-4376
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4376

reference_url	https://www.debian.org/security/2019/dsa-4392
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4392

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-03/

reference_url	http://www.securityfocus.com/bid/106781
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106781

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1670632
reference_id	1670632
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1670632

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
reference_id	cpe:2.3:a:mozilla:firefox_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18501

reference_id

CVE-2018-18501

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18501

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url	https://security.gentoo.org/glsa/201904-07
reference_id	GLSA-201904-07
reference_type
scores
url	https://security.gentoo.org/glsa/201904-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-02

reference_id

mfsa2019-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-03

reference_id

mfsa2019-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-03

reference_url	https://access.redhat.com/errata/RHSA-2019:0218
reference_id	RHSA-2019:0218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0218

reference_url	https://access.redhat.com/errata/RHSA-2019:0219
reference_id	RHSA-2019:0219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0219

reference_url	https://access.redhat.com/errata/RHSA-2019:0269
reference_id	RHSA-2019:0269
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0269

reference_url	https://access.redhat.com/errata/RHSA-2019:0270
reference_id	RHSA-2019:0270
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0270

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

reference_url	https://usn.ubuntu.com/3897-1/
reference_id	USN-3897-1
reference_type
scores
url	https://usn.ubuntu.com/3897-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18501

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbu1-adxe-sudv

url VCID-tec1-8t8s-zqgb

vulnerability_id VCID-tec1-8t8s-zqgb

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird and
    Firefox, the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18500.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18500.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18500

reference_id

reference_type

scores

value	0.28229
scoring_system	epss
scoring_elements	0.96517
published_at	2026-04-29T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96494
published_at	2026-04-09T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96498
published_at	2026-04-12T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96501
published_at	2026-04-13T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96507
published_at	2026-04-16T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96512
published_at	2026-04-18T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96514
published_at	2026-04-24T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96515
published_at	2026-04-26T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96466
published_at	2026-04-01T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96474
published_at	2026-04-02T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96479
published_at	2026-04-04T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96483
published_at	2026-04-07T12:55:00Z

value	0.28229
scoring_system	epss
scoring_elements	0.96492
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

reference_url	https://www.debian.org/security/2019/dsa-4376
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4376

reference_url	https://www.debian.org/security/2019/dsa-4392
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4392

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-03/

reference_url	http://www.securityfocus.com/bid/106781
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106781

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1670631
reference_id	1670631
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1670631

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
reference_id	cpe:2.3:a:mozilla:firefox_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18500

reference_id

CVE-2018-18500

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18500

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url	https://security.gentoo.org/glsa/201904-07
reference_id	GLSA-201904-07
reference_type
scores
url	https://security.gentoo.org/glsa/201904-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-02

reference_id

mfsa2019-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-03

reference_id

mfsa2019-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-03

reference_url	https://access.redhat.com/errata/RHSA-2019:0218
reference_id	RHSA-2019:0218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0218

reference_url	https://access.redhat.com/errata/RHSA-2019:0219
reference_id	RHSA-2019:0219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0219

reference_url	https://access.redhat.com/errata/RHSA-2019:0269
reference_id	RHSA-2019:0269
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0269

reference_url	https://access.redhat.com/errata/RHSA-2019:0270
reference_id	RHSA-2019:0270
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0270

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

reference_url	https://usn.ubuntu.com/3897-1/
reference_id	USN-3897-1
reference_type
scores
url	https://usn.ubuntu.com/3897-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18500

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tec1-8t8s-zqgb

url VCID-wwgd-pew4-zkf5

vulnerability_id VCID-wwgd-pew4-zkf5

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird and
    Firefox, the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18505.json

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18505.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18505

reference_id

reference_type

scores

value	0.03141
scoring_system	epss
scoring_elements	0.86932
published_at	2026-04-29T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86892
published_at	2026-04-11T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86888
published_at	2026-04-12T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86883
published_at	2026-04-13T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.869
published_at	2026-04-16T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86905
published_at	2026-04-21T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86923
published_at	2026-04-24T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86928
published_at	2026-04-26T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86828
published_at	2026-04-01T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86838
published_at	2026-04-02T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86857
published_at	2026-04-04T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86851
published_at	2026-04-07T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86871
published_at	2026-04-08T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8688
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18505

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1087565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

reference_url	https://www.debian.org/security/2019/dsa-4376
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4376

reference_url	https://www.debian.org/security/2019/dsa-4392
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4392

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2019-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2019-03/

reference_url	http://www.securityfocus.com/bid/106781
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106781

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1670633
reference_id	1670633
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1670633

reference_url	https://security.archlinux.org/ASA-201902-2
reference_id	ASA-201902-2
reference_type
scores
url	https://security.archlinux.org/ASA-201902-2

reference_url

https://security.archlinux.org/AVG-862

reference_id

AVG-862

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18505

reference_id

CVE-2018-18505

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	10.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18505

reference_url	https://security.gentoo.org/glsa/201903-04
reference_id	GLSA-201903-04
reference_type
scores
url	https://security.gentoo.org/glsa/201903-04

reference_url	https://security.gentoo.org/glsa/201904-07
reference_id	GLSA-201904-07
reference_type
scores
url	https://security.gentoo.org/glsa/201904-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_id

mfsa2019-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-02

reference_id

mfsa2019-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-03

reference_id

mfsa2019-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-03

reference_url	https://access.redhat.com/errata/RHSA-2019:0218
reference_id	RHSA-2019:0218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0218

reference_url	https://access.redhat.com/errata/RHSA-2019:0219
reference_id	RHSA-2019:0219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0219

reference_url	https://access.redhat.com/errata/RHSA-2019:0269
reference_id	RHSA-2019:0269
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0269

reference_url	https://access.redhat.com/errata/RHSA-2019:0270
reference_id	RHSA-2019:0270
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0270

reference_url	https://usn.ubuntu.com/3874-1/
reference_id	USN-3874-1
reference_type
scores
url	https://usn.ubuntu.com/3874-1/

reference_url	https://usn.ubuntu.com/3897-1/
reference_id	USN-3897-1
reference_type
scores
url	https://usn.ubuntu.com/3897-1/

fixed_packages

url	pkg:deb/debian/firefox@65.0-1?distro=sid
purl	pkg:deb/debian/firefox@65.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

aliases CVE-2018-18505

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwgd-pew4-zkf5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@65.0-1%3Fdistro=sid

Package Instance