{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","type":"ebuild","namespace":"mail-client","name":"thunderbird","version":"91.12.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"91.13.0","latest_non_vulnerable_version":"128.9.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31201?format=json","vulnerability_id":"VCID-17tt-jftn-m3bd","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31737.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31737","reference_id":"","reference_type":"","scores":[{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60187","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60251","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60193","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60272","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60258","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092019","reference_id":"2092019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092019"},{"reference_url":"https://security.archlinux.org/AVG-2760","reference_id":"AVG-2760","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2760"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:56:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:56:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:56:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1743767","reference_id":"show_bug.cgi?id=1743767","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:56:21Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1743767"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31737"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17tt-jftn-m3bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31183?format=json","vulnerability_id":"VCID-1erb-xc8r-8kfm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26384.json","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26384","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31117","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3103","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31074","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31038","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30982","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062221","reference_id":"2062221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062221"},{"reference_url":"https://security.archlinux.org/AVG-2713","reference_id":"AVG-2713","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2713"},{"reference_url":"https://security.archlinux.org/AVG-2714","reference_id":"AVG-2714","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2714"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-10/","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:16:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-11/","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:16:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-11/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-12/","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:16:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-12/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1744352","reference_id":"show_bug.cgi?id=1744352","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:16:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1744352"},{"reference_url":"https://usn.ubuntu.com/5321-1/","reference_id":"USN-5321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-1/"},{"reference_url":"https://usn.ubuntu.com/5321-2/","reference_id":"USN-5321-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-2/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26384"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1erb-xc8r-8kfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31161?format=json","vulnerability_id":"VCID-1phe-59fw-9qdt","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22739.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22739","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63404","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63431","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63397","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039573","reference_id":"2039573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039573"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:32:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:32:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:32:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1744158","reference_id":"show_bug.cgi?id=1744158","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:32:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1744158"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22739"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1phe-59fw-9qdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31137?format=json","vulnerability_id":"VCID-1ryc-yvxd-93e2","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43529.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43529","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55879","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56041","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56044","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5599","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55989","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2088353","reference_id":"2088353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2088353"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-43529","reference_id":"show_bug.cgi?id=CVE-2021-43529","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T15:00:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-43529"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43529"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ryc-yvxd-93e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31153?format=json","vulnerability_id":"VCID-27hw-egkx-w7d4","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1529.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1529","reference_id":"","reference_type":"","scores":[{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88813","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88858","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.8887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88875","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88841","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04295","scoring_system":"epss","scoring_elements":"0.88822","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2089218","reference_id":"2089218","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2089218"},{"reference_url":"https://security.archlinux.org/AVG-2728","reference_id":"AVG-2728","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2728"},{"reference_url":"https://security.archlinux.org/AVG-2729","reference_id":"AVG-2729","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2729"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-19","reference_id":"mfsa2022-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-19"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-19/","reference_id":"mfsa2022-19","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:19:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-19/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4729","reference_id":"RHSA-2022:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4730","reference_id":"RHSA-2022:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4765","reference_id":"RHSA-2022:4765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4766","reference_id":"RHSA-2022:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4767","reference_id":"RHSA-2022:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4768","reference_id":"RHSA-2022:4768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4769","reference_id":"RHSA-2022:4769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4770","reference_id":"RHSA-2022:4770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4772","reference_id":"RHSA-2022:4772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4773","reference_id":"RHSA-2022:4773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4774","reference_id":"RHSA-2022:4774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4776","reference_id":"RHSA-2022:4776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4776"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770048","reference_id":"show_bug.cgi?id=1770048","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:19:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770048"},{"reference_url":"https://usn.ubuntu.com/5434-1/","reference_id":"USN-5434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5434-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-1529"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27hw-egkx-w7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31204?format=json","vulnerability_id":"VCID-2s85-r5tn-wucn","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31741.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31741","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54107","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54072","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54089","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092024","reference_id":"2092024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092024"},{"reference_url":"https://security.archlinux.org/AVG-2760","reference_id":"AVG-2760","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2760"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1767590","reference_id":"show_bug.cgi?id=1767590","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1767590"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31741"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s85-r5tn-wucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31123?format=json","vulnerability_id":"VCID-2syj-hbw7-fkbp","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29988.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29988","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.7003","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70043","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70059","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69968","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70035","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70019","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69971","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69994","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.6998","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992419","reference_id":"1992419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992419"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29988"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2syj-hbw7-fkbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31147?format=json","vulnerability_id":"VCID-2vyc-yhw7-muea","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43546.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43546.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43546","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58791","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58865","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62514","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63022","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62974","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63025","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63058","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63044","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030115","reference_id":"2030115","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030115"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43546"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vyc-yhw7-muea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31118?format=json","vulnerability_id":"VCID-3zwq-1hwc-3fgj","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29976.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29976","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69158","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69139","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69189","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6923","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69121","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69137","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982014","reference_id":"1982014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982014"},{"reference_url":"https://security.archlinux.org/ASA-202107-20","reference_id":"ASA-202107-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-20"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2148","reference_id":"AVG-2148","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2148"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28","reference_id":"mfsa2021-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29","reference_id":"mfsa2021-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2740","reference_id":"RHSA-2021:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2741","reference_id":"RHSA-2021:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2742","reference_id":"RHSA-2021:2742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2743","reference_id":"RHSA-2021:2743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5011-1/","reference_id":"USN-5011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5011-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29976"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zwq-1hwc-3fgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31119?format=json","vulnerability_id":"VCID-4vt1-q4wj-87bm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29980.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29980","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61371","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6139","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61405","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61384","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61353","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61324","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992421","reference_id":"1992421","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992421"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29980"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vt1-q4wj-87bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31188?format=json","vulnerability_id":"VCID-59up-n66e-fyhx","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28281.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28281","reference_id":"","reference_type":"","scores":[{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94262","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94293","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94291","published_at":"2026-04-11T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94288","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94284","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13838","scoring_system":"epss","scoring_elements":"0.94274","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072560","reference_id":"2072560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072560"},{"reference_url":"https://security.archlinux.org/AVG-2711","reference_id":"AVG-2711","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2711"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-13/","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:09:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-14/","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:09:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:09:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1755621","reference_id":"show_bug.cgi?id=1755621","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:09:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1755621"},{"reference_url":"https://usn.ubuntu.com/5370-1/","reference_id":"USN-5370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5370-1/"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-28281"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59up-n66e-fyhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31202?format=json","vulnerability_id":"VCID-5f8u-kf14-tkah","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31738.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31738","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36243","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36393","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36299","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36304","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36268","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092021","reference_id":"2092021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092021"},{"reference_url":"https://security.archlinux.org/AVG-2760","reference_id":"AVG-2760","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2760"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1756388","reference_id":"show_bug.cgi?id=1756388","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1756388"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31738"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f8u-kf14-tkah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31152?format=json","vulnerability_id":"VCID-5j76-pxh2-ubhd","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1520.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1520","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26667","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26563","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26621","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26715","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26666","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26543","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082037","reference_id":"2082037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082037"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:20:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745019","reference_id":"show_bug.cgi?id=1745019","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:20:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745019"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-1520"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5j76-pxh2-ubhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31128?format=json","vulnerability_id":"VCID-5qap-6r9b-6qbv","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38493.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38493","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61802","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61888","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61727","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61801","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.61832","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38493"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002119","reference_id":"2002119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002119"},{"reference_url":"https://security.archlinux.org/AVG-2344","reference_id":"AVG-2344","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2344"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38","reference_id":"mfsa2021-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39","reference_id":"mfsa2021-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42","reference_id":"mfsa2021-42","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3494","reference_id":"RHSA-2021:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3495","reference_id":"RHSA-2021:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3496","reference_id":"RHSA-2021:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3497","reference_id":"RHSA-2021:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3498","reference_id":"RHSA-2021:3498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3499","reference_id":"RHSA-2021:3499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3500","reference_id":"RHSA-2021:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3501","reference_id":"RHSA-2021:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3501"},{"reference_url":"https://usn.ubuntu.com/5074-1/","reference_id":"USN-5074-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5074-1/"},{"reference_url":"https://usn.ubuntu.com/5146-1/","reference_id":"USN-5146-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5146-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38493"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qap-6r9b-6qbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31117?format=json","vulnerability_id":"VCID-66dg-7sm8-vbgx","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29970.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29970","reference_id":"","reference_type":"","scores":[{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72962","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72936","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72949","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72905","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72916","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982013","reference_id":"1982013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982013"},{"reference_url":"https://security.archlinux.org/ASA-202107-20","reference_id":"ASA-202107-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-20"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2148","reference_id":"AVG-2148","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2148"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28","reference_id":"mfsa2021-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29","reference_id":"mfsa2021-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2740","reference_id":"RHSA-2021:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2741","reference_id":"RHSA-2021:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2742","reference_id":"RHSA-2021:2742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2743","reference_id":"RHSA-2021:2743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5011-1/","reference_id":"USN-5011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5011-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29970"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66dg-7sm8-vbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31170?format=json","vulnerability_id":"VCID-6f7n-yr9x-8fbw","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22751.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22751","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6726","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67295","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67308","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67275","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67247","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67224","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039574","reference_id":"2039574","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039574"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011","reference_id":"buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:49:31Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22751"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f7n-yr9x-8fbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31143?format=json","vulnerability_id":"VCID-7458-uqdr-5fg7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43541.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43541","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53802","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55272","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55248","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55298","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55299","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5529","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030111","reference_id":"2030111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030111"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43541"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7458-uqdr-5fg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31129?format=json","vulnerability_id":"VCID-74zp-pzc4-efhm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38495.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38495","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67872","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38495"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002900","reference_id":"2002900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002900"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40","reference_id":"mfsa2021-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41","reference_id":"mfsa2021-41","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38495"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74zp-pzc4-efhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31206?format=json","vulnerability_id":"VCID-7acy-1dnk-pkcq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31747.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31747","reference_id":"","reference_type":"","scores":[{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.70995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.7097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71012","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71027","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.70978","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.7105","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71035","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092026","reference_id":"2092026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092026"},{"reference_url":"https://security.archlinux.org/AVG-2760","reference_id":"AVG-2760","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2760"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734","reference_id":"buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31747"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7acy-1dnk-pkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31127?format=json","vulnerability_id":"VCID-7fvy-7hpe-kbej","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38492.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38492","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61061","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.60938","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61044","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38492"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002118","reference_id":"2002118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002118"},{"reference_url":"https://security.archlinux.org/AVG-2351","reference_id":"AVG-2351","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2351"},{"reference_url":"https://security.archlinux.org/AVG-2353","reference_id":"AVG-2353","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2353"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38","reference_id":"mfsa2021-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39","reference_id":"mfsa2021-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40","reference_id":"mfsa2021-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41","reference_id":"mfsa2021-41","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42","reference_id":"mfsa2021-42","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38492"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fvy-7hpe-kbej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31209?format=json","vulnerability_id":"VCID-7p9y-82kb-r7h3","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34472.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34472","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.6388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63896","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63947","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63931","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63948","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102166","reference_id":"2102166","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102166"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770123","reference_id":"show_bug.cgi?id=1770123","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:41:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770123"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34472"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7p9y-82kb-r7h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31171?format=json","vulnerability_id":"VCID-89kx-fdvr-73cs","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22754","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09123","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09152","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09122","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0907","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09121","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053236","reference_id":"2053236","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053236"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750565","reference_id":"show_bug.cgi?id=1750565","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:44:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750565"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22754"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89kx-fdvr-73cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31159?format=json","vulnerability_id":"VCID-8enx-7aa9-cqd3","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22737.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22737","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60371","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6039","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60323","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60318","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039567","reference_id":"2039567","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039567"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:08:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:08:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:08:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745874","reference_id":"show_bug.cgi?id=1745874","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:08:04Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745874"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22737"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8enx-7aa9-cqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31149?format=json","vulnerability_id":"VCID-9frw-jsb9-c7ge","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0566.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0566","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48597","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48655","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48681","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48667","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48661","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055591","reference_id":"2055591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055591"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-07","reference_id":"mfsa2022-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-07/","reference_id":"mfsa2022-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:36:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1753094","reference_id":"show_bug.cgi?id=1753094","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:36:53Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1753094"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-0566"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9frw-jsb9-c7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31205?format=json","vulnerability_id":"VCID-9tdt-84zg-3fd7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31742.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31742","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57989","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58015","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58031","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.5801","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092025","reference_id":"2092025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092025"},{"reference_url":"https://security.archlinux.org/AVG-2760","reference_id":"AVG-2760","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2760"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:36:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:36:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:36:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1730434","reference_id":"show_bug.cgi?id=1730434","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:36:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1730434"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31742"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tdt-84zg-3fd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31155?format=json","vulnerability_id":"VCID-9tkb-9fch-67bc","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1802.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1802","reference_id":"","reference_type":"","scores":[{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98576","published_at":"2026-04-01T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98591","published_at":"2026-04-13T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98581","published_at":"2026-04-04T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98583","published_at":"2026-04-07T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98587","published_at":"2026-04-09T12:55:00Z"},{"value":"0.67932","scoring_system":"epss","scoring_elements":"0.98578","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2089217","reference_id":"2089217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2089217"},{"reference_url":"https://security.archlinux.org/AVG-2728","reference_id":"AVG-2728","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2728"},{"reference_url":"https://security.archlinux.org/AVG-2729","reference_id":"AVG-2729","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2729"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-19","reference_id":"mfsa2022-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-19"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-19/","reference_id":"mfsa2022-19","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:16:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-19/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4729","reference_id":"RHSA-2022:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4730","reference_id":"RHSA-2022:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4765","reference_id":"RHSA-2022:4765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4766","reference_id":"RHSA-2022:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4767","reference_id":"RHSA-2022:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4768","reference_id":"RHSA-2022:4768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4769","reference_id":"RHSA-2022:4769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4770","reference_id":"RHSA-2022:4770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4772","reference_id":"RHSA-2022:4772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4773","reference_id":"RHSA-2022:4773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4774","reference_id":"RHSA-2022:4774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4776","reference_id":"RHSA-2022:4776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4776"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770137","reference_id":"show_bug.cgi?id=1770137","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:16:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770137"},{"reference_url":"https://usn.ubuntu.com/5434-1/","reference_id":"USN-5434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5434-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-1802"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tkb-9fch-67bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31214?format=json","vulnerability_id":"VCID-9tnj-j5xv-43cm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36318.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36318","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41637","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41682","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41685","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36319","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36319"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111908","reference_id":"2111908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111908"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-28/","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:05:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-29","reference_id":"mfsa2022-29","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-29/","reference_id":"mfsa2022-29","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:05:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-30/","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:05:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-31","reference_id":"mfsa2022-31","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-31/","reference_id":"mfsa2022-31","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:05:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-32/","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:05:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5765","reference_id":"RHSA-2022:5765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5766","reference_id":"RHSA-2022:5766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5767","reference_id":"RHSA-2022:5767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5769","reference_id":"RHSA-2022:5769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5770","reference_id":"RHSA-2022:5770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5771","reference_id":"RHSA-2022:5771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5772","reference_id":"RHSA-2022:5772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5773","reference_id":"RHSA-2022:5773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5774","reference_id":"RHSA-2022:5774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5776","reference_id":"RHSA-2022:5776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5777","reference_id":"RHSA-2022:5777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5778","reference_id":"RHSA-2022:5778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5778"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1771774","reference_id":"show_bug.cgi?id=1771774","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:05:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1771774"},{"reference_url":"https://usn.ubuntu.com/5536-1/","reference_id":"USN-5536-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5536-1/"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-36318"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tnj-j5xv-43cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31199?format=json","vulnerability_id":"VCID-a2nq-ss2f-bqac","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29917.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29917.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29917","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57267","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5727","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57244","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57296","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57298","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57243","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57291","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081473","reference_id":"2081473","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081473"},{"reference_url":"https://security.archlinux.org/AVG-2709","reference_id":"AVG-2709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2709"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778","reference_id":"buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:06:01Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-16/","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:06:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-17/","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:06:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:06:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1701","reference_id":"RHSA-2022:1701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1702","reference_id":"RHSA-2022:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1703","reference_id":"RHSA-2022:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1704","reference_id":"RHSA-2022:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1705","reference_id":"RHSA-2022:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4590","reference_id":"RHSA-2022:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4590"},{"reference_url":"https://usn.ubuntu.com/5411-1/","reference_id":"USN-5411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5411-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29917"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2nq-ss2f-bqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31122?format=json","vulnerability_id":"VCID-a659-299u-byfb","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29986.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29986","reference_id":"","reference_type":"","scores":[{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69131","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69147","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69036","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69124","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69055","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69053","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992417","reference_id":"1992417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992417"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29986"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a659-299u-byfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31134?format=json","vulnerability_id":"VCID-b8c2-qrxm-sybt","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38508.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38508","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56284","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56279","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56294","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56705","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63004","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.62945","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63033","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63313","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019627","reference_id":"2019627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019627"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38508"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8c2-qrxm-sybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31135?format=json","vulnerability_id":"VCID-b911-qnc2-x3aj","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38509.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38509.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38509","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60757","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61142","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66896","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66858","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67244","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019628","reference_id":"2019628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019628"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38509"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b911-qnc2-x3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31145?format=json","vulnerability_id":"VCID-bqyj-qnak-eydy","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43543.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43543.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43543","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63791","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.64128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.64168","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.64156","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.6409","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.6414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.64157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69681","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030113","reference_id":"2030113","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030113"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43543"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqyj-qnak-eydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31131?format=json","vulnerability_id":"VCID-c51s-yenc-4yab","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38504.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38504","reference_id":"","reference_type":"","scores":[{"value":"0.00805","scoring_system":"epss","scoring_elements":"0.74085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00805","scoring_system":"epss","scoring_elements":"0.74117","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00805","scoring_system":"epss","scoring_elements":"0.74091","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.79725","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.79731","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01711","scoring_system":"epss","scoring_elements":"0.82324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01711","scoring_system":"epss","scoring_elements":"0.82351","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01711","scoring_system":"epss","scoring_elements":"0.82332","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01711","scoring_system":"epss","scoring_elements":"0.82297","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019622","reference_id":"2019622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019622"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38504"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c51s-yenc-4yab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31181?format=json","vulnerability_id":"VCID-cqpd-wav4-pubn","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26381.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26381","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4077","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40789","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40824","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40805","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40748","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062223","reference_id":"2062223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062223"},{"reference_url":"https://security.archlinux.org/AVG-2713","reference_id":"AVG-2713","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2713"},{"reference_url":"https://security.archlinux.org/AVG-2714","reference_id":"AVG-2714","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2714"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-10/","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:27:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-11/","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:27:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-11/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-12/","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:27:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-12/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1736243","reference_id":"show_bug.cgi?id=1736243","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:27:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1736243"},{"reference_url":"https://usn.ubuntu.com/5321-1/","reference_id":"USN-5321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-1/"},{"reference_url":"https://usn.ubuntu.com/5321-2/","reference_id":"USN-5321-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-2/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26381"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqpd-wav4-pubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31196?format=json","vulnerability_id":"VCID-cxdv-z3ev-z3ee","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29913.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29913","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3951","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39565","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39484","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39539","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082038","reference_id":"2082038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082038"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:00:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1764778","reference_id":"show_bug.cgi?id=1764778","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:00:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1764778"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29913"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxdv-z3ev-z3ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31165?format=json","vulnerability_id":"VCID-d194-2uh4-pug1","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22743.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22743","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62289","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62311","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62238","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62321","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62284","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62268","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62234","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039561","reference_id":"2039561","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039561"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739220","reference_id":"show_bug.cgi?id=1739220","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739220"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22743"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d194-2uh4-pug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31166?format=json","vulnerability_id":"VCID-d9vf-maye-6ff7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22745.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22745","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64394","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.6446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64423","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64383","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039570","reference_id":"2039570","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039570"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:02:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:02:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:02:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735856","reference_id":"show_bug.cgi?id=1735856","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:02:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735856"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22745"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9vf-maye-6ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31130?format=json","vulnerability_id":"VCID-ddem-1dt1-uff7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38503.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38503","reference_id":"","reference_type":"","scores":[{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.7781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77826","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.8041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.80404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.80431","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.8042","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019621","reference_id":"2019621","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019621"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38503"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddem-1dt1-uff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31115?format=json","vulnerability_id":"VCID-dedv-96fb-vyhp","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29967.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29967","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58499","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58463","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58515","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58521","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58538","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58519","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58386","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58471","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58491","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966831","reference_id":"1966831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966831"},{"reference_url":"https://security.archlinux.org/ASA-202106-22","reference_id":"ASA-202106-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-22"},{"reference_url":"https://security.archlinux.org/ASA-202106-3","reference_id":"ASA-202106-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-3"},{"reference_url":"https://security.archlinux.org/AVG-2018","reference_id":"AVG-2018","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2018"},{"reference_url":"https://security.archlinux.org/AVG-2035","reference_id":"AVG-2035","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2035"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23","reference_id":"mfsa2021-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24","reference_id":"mfsa2021-24","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26","reference_id":"mfsa2021-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2206","reference_id":"RHSA-2021:2206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2208","reference_id":"RHSA-2021:2208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2214","reference_id":"RHSA-2021:2214","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2214"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2233","reference_id":"RHSA-2021:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2261","reference_id":"RHSA-2021:2261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2262","reference_id":"RHSA-2021:2262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2263","reference_id":"RHSA-2021:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2264","reference_id":"RHSA-2021:2264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2264"},{"reference_url":"https://usn.ubuntu.com/4978-1/","reference_id":"USN-4978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4978-1/"},{"reference_url":"https://usn.ubuntu.com/4995-1/","reference_id":"USN-4995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-1/"},{"reference_url":"https://usn.ubuntu.com/4995-2/","reference_id":"USN-4995-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4995-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29967"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dedv-96fb-vyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31198?format=json","vulnerability_id":"VCID-dg61-9h8j-tkfj","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29916.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29916","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47874","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47882","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47871","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47852","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47873","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081470","reference_id":"2081470","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081470"},{"reference_url":"https://security.archlinux.org/AVG-2709","reference_id":"AVG-2709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2709"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-16/","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:07:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-17/","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:07:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:07:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1701","reference_id":"RHSA-2022:1701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1702","reference_id":"RHSA-2022:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1703","reference_id":"RHSA-2022:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1704","reference_id":"RHSA-2022:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1705","reference_id":"RHSA-2022:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4590","reference_id":"RHSA-2022:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4590"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1760674","reference_id":"show_bug.cgi?id=1760674","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:07:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1760674"},{"reference_url":"https://usn.ubuntu.com/5411-1/","reference_id":"USN-5411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5411-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29916"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-9h8j-tkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31203?format=json","vulnerability_id":"VCID-dqhd-ay8b-wfam","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31740.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31740","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47621","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47592","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47636","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47612","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092023","reference_id":"2092023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092023"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:51:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:51:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:51:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1766806","reference_id":"show_bug.cgi?id=1766806","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:51:22Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1766806"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5494-1/","reference_id":"USN-5494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5494-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31740"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqhd-ay8b-wfam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31116?format=json","vulnerability_id":"VCID-ea7p-189v-mqbq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29969.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29969","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60286","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60408","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60421","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60428","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60405","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982015","reference_id":"1982015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982015"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29969"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea7p-189v-mqbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31179?format=json","vulnerability_id":"VCID-eyrw-5dmv-pqfe","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22764","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47042","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4699","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47038","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47044","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47041","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053243","reference_id":"2053243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053243"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279","reference_id":"buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:28:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22764"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyrw-5dmv-pqfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31174?format=json","vulnerability_id":"VCID-fa1y-hpcb-27gj","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22760","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43392","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43407","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43438","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.4342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43406","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43355","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053238","reference_id":"2053238","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053238"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740985","reference_id":"show_bug.cgi?id=1740985","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740985"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1748503","reference_id":"show_bug.cgi?id=1748503","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:35:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1748503"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22760"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fa1y-hpcb-27gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31197?format=json","vulnerability_id":"VCID-gfve-nzmn-dbbd","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29914.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29914","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4728","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47282","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47278","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47302","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47276","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081468","reference_id":"2081468","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081468"},{"reference_url":"https://security.archlinux.org/AVG-2709","reference_id":"AVG-2709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2709"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-16/","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:58:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-17/","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:58:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:58:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1701","reference_id":"RHSA-2022:1701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1702","reference_id":"RHSA-2022:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1703","reference_id":"RHSA-2022:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1704","reference_id":"RHSA-2022:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1705","reference_id":"RHSA-2022:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4590","reference_id":"RHSA-2022:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4590"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1746448","reference_id":"show_bug.cgi?id=1746448","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T19:58:16Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1746448"},{"reference_url":"https://usn.ubuntu.com/5411-1/","reference_id":"USN-5411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5411-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29914"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfve-nzmn-dbbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31212?format=json","vulnerability_id":"VCID-gxfx-4gxp-3kdw","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34481.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34481","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43654","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43666","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43591","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43642","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102164","reference_id":"2102164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102164"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1497246","reference_id":"show_bug.cgi?id=1497246","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:53:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1497246"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34481"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxfx-4gxp-3kdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31160?format=json","vulnerability_id":"VCID-hn17-6nvj-9qfw","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22738.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22738","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66368","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66426","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66412","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66394","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66364","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039566","reference_id":"2039566","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039566"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:06:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:06:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:06:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1742382","reference_id":"show_bug.cgi?id=1742382","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:06:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1742382"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22738"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hn17-6nvj-9qfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31191?format=json","vulnerability_id":"VCID-hsr3-c152-nucq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28286.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28286","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41346","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41318","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41321","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41352","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41323","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41272","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072564","reference_id":"2072564","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072564"},{"reference_url":"https://security.archlinux.org/AVG-2711","reference_id":"AVG-2711","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2711"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-13/","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:02:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-14/","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:02:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:02:32Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735265","reference_id":"show_bug.cgi?id=1735265","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:02:32Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735265"},{"reference_url":"https://usn.ubuntu.com/5370-1/","reference_id":"USN-5370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5370-1/"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-28286"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsr3-c152-nucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31211?format=json","vulnerability_id":"VCID-husj-kjf4-ufeq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34479.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34479","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40126","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40157","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40172","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40106","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40159","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102161","reference_id":"2102161","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102161"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745595","reference_id":"show_bug.cgi?id=1745595","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:09:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745595"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34479"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-husj-kjf4-ufeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31195?format=json","vulnerability_id":"VCID-j1zj-1dr1-8yhc","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29912.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29912.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29912","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67344","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.6736","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67373","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67386","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67407","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67395","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081472","reference_id":"2081472","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081472"},{"reference_url":"https://security.archlinux.org/AVG-2709","reference_id":"AVG-2709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2709"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-16/","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:01:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-17/","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:01:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:01:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1701","reference_id":"RHSA-2022:1701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1702","reference_id":"RHSA-2022:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1703","reference_id":"RHSA-2022:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1704","reference_id":"RHSA-2022:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1705","reference_id":"RHSA-2022:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4590","reference_id":"RHSA-2022:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4590"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1692655","reference_id":"show_bug.cgi?id=1692655","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:01:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1692655"},{"reference_url":"https://usn.ubuntu.com/5411-1/","reference_id":"USN-5411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5411-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29912"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1zj-1dr1-8yhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31213?format=json","vulnerability_id":"VCID-jg37-y3r7-8fcq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34484.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34484","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51288","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51343","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51299","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51248","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51303","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102169","reference_id":"2102169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102169"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651","reference_id":"buglist.cgi?bug_id=1763634%2C1772651","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T17:42:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34484"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jg37-y3r7-8fcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31177?format=json","vulnerability_id":"VCID-jj6t-1q5f-uyez","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22763.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22763","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62506","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62474","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62548","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62525","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62541","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053240","reference_id":"2053240","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053240"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740534","reference_id":"show_bug.cgi?id=1740534","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:29:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740534"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22763"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jj6t-1q5f-uyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31133?format=json","vulnerability_id":"VCID-jy6e-d578-nkcg","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38507.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38507.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38507","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64007","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64093","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64065","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67246","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67281","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67544","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67559","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67492","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019625","reference_id":"2019625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019625"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38507"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy6e-d578-nkcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31125?format=json","vulnerability_id":"VCID-kat5-hy8e-skah","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29989.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29989","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66845","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66773","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66871","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66858","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66836","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66811","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992423","reference_id":"1992423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992423"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29989"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kat5-hy8e-skah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31176?format=json","vulnerability_id":"VCID-kpk1-e652-nkfa","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22761","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51499","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51457","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51459","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51419","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51465","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51478","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053239","reference_id":"2053239","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053239"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745566","reference_id":"show_bug.cgi?id=1745566","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:33:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745566"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22761"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpk1-e652-nkfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31151?format=json","vulnerability_id":"VCID-kxu1-tc8y-4ufj","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1197.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1197","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47023","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47043","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47019","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47021","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47018","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46966","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072963","reference_id":"2072963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072963"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:25:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1754985","reference_id":"show_bug.cgi?id=1754985","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:25:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1754985"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-1197"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxu1-tc8y-4ufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31192?format=json","vulnerability_id":"VCID-mw9j-h66p-k7as","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28289.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28289","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58887","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58915","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58934","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58952","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58928","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58876","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072566","reference_id":"2072566","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072566"},{"reference_url":"https://security.archlinux.org/AVG-2711","reference_id":"AVG-2711","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2711"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776","reference_id":"buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:59:30Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-13/","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:59:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-14/","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:59:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:59:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://usn.ubuntu.com/5370-1/","reference_id":"USN-5370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5370-1/"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-28289"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mw9j-h66p-k7as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31186?format=json","vulnerability_id":"VCID-mwd4-pgxg-zkha","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26485.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26485","reference_id":"","reference_type":"","scores":[{"value":"0.06126","scoring_system":"epss","scoring_elements":"0.90758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06126","scoring_system":"epss","scoring_elements":"0.90769","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0719","scoring_system":"epss","scoring_elements":"0.91588","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0719","scoring_system":"epss","scoring_elements":"0.91582","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0719","scoring_system":"epss","scoring_elements":"0.91592","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0719","scoring_system":"epss","scoring_elements":"0.91594","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0719","scoring_system":"epss","scoring_elements":"0.91569","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061736","reference_id":"2061736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061736"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-09","reference_id":"mfsa2022-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-09"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-09/","reference_id":"mfsa2022-09","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:32:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-09/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1758062","reference_id":"show_bug.cgi?id=1758062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:32:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1758062"},{"reference_url":"https://usn.ubuntu.com/5314-1/","reference_id":"USN-5314-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5314-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26485"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwd4-pgxg-zkha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31162?format=json","vulnerability_id":"VCID-mzbp-5r6m-27cm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22740.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22740","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50417","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5044","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50374","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50399","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50406","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50353","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039565","reference_id":"2039565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039565"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:31:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:31:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:31:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1742334","reference_id":"show_bug.cgi?id=1742334","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:31:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1742334"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22740"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzbp-5r6m-27cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31132?format=json","vulnerability_id":"VCID-n4kc-y37w-qkdk","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38506.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38506","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52992","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.73599","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.73634","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.73647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.7367","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0087","scoring_system":"epss","scoring_elements":"0.75185","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0087","scoring_system":"epss","scoring_elements":"0.75197","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019624","reference_id":"2019624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019624"},{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4116","reference_id":"RHSA-2021:4116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4123","reference_id":"RHSA-2021:4123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4130","reference_id":"RHSA-2021:4130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4132","reference_id":"RHSA-2021:4132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4133","reference_id":"RHSA-2021:4133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4134","reference_id":"RHSA-2021:4134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4605","reference_id":"RHSA-2021:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4607","reference_id":"RHSA-2021:4607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4607"},{"reference_url":"https://usn.ubuntu.com/5131-1/","reference_id":"USN-5131-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5131-1/"},{"reference_url":"https://usn.ubuntu.com/5152-1/","reference_id":"USN-5152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5152-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-38506"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kc-y37w-qkdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31114?format=json","vulnerability_id":"VCID-n796-xf5e-pucq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4140.json","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4140","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18188","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19862","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20016","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19996","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19913","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039568","reference_id":"2039568","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039568"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:55:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:55:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:55:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1746720","reference_id":"show_bug.cgi?id=1746720","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T15:55:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1746720"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-4140"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n796-xf5e-pucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31187?format=json","vulnerability_id":"VCID-pzf5-v82a-hkb9","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26486.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26486.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26486","reference_id":"","reference_type":"","scores":[{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.9019","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.9015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.90195","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.90196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.90166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.90182","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.90187","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05458","scoring_system":"epss","scoring_elements":"0.90161","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061735","reference_id":"2061735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061735"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-09","reference_id":"mfsa2022-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-09"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-09/","reference_id":"mfsa2022-09","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:24:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-09/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1758070","reference_id":"show_bug.cgi?id=1758070","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:24:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1758070"},{"reference_url":"https://usn.ubuntu.com/5314-1/","reference_id":"USN-5314-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5314-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26486"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzf5-v82a-hkb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31172?format=json","vulnerability_id":"VCID-q4bf-vh36-kye9","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22756","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50354","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50348","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50355","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50325","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50352","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50366","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053237","reference_id":"2053237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053237"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317873","reference_id":"show_bug.cgi?id=1317873","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:37:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317873"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22756"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bf-vh36-kye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31142?format=json","vulnerability_id":"VCID-qd4e-g5zv-1ucf","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43539.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43539","reference_id":"","reference_type":"","scores":[{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76578","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76569","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.7658","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76606","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76585","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76522","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76527","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030110","reference_id":"2030110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030110"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43539"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qd4e-g5zv-1ucf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31169?format=json","vulnerability_id":"VCID-qgvp-4eea-bkgm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22748.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22748","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63467","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63404","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63431","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63397","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039569","reference_id":"2039569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039569"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:55:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:55:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:55:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1705211","reference_id":"show_bug.cgi?id=1705211","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:55:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1705211"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22748"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgvp-4eea-bkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31185?format=json","vulnerability_id":"VCID-qh4a-bn9p-a7hh","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26387.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26387","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29864","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29781","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29777","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29741","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29679","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29817","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062222","reference_id":"2062222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062222"},{"reference_url":"https://security.archlinux.org/AVG-2713","reference_id":"AVG-2713","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2713"},{"reference_url":"https://security.archlinux.org/AVG-2714","reference_id":"AVG-2714","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2714"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-10/","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:10:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-11/","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:10:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-11/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-12/","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:10:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-12/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1752979","reference_id":"show_bug.cgi?id=1752979","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T20:10:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1752979"},{"reference_url":"https://usn.ubuntu.com/5321-1/","reference_id":"USN-5321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-1/"},{"reference_url":"https://usn.ubuntu.com/5321-2/","reference_id":"USN-5321-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-2/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26387"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh4a-bn9p-a7hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31121?format=json","vulnerability_id":"VCID-qv8f-9y37-bbdk","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29985.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29985","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61371","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6139","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61405","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61384","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61353","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61324","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992422","reference_id":"1992422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992422"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29985"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv8f-9y37-bbdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31194?format=json","vulnerability_id":"VCID-r587-gyj4-5kee","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29911.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29911","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5475","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54719","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54771","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54767","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54727","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54778","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54762","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081471","reference_id":"2081471","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081471"},{"reference_url":"https://security.archlinux.org/AVG-2709","reference_id":"AVG-2709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2709"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-16/","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:58:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-17/","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:58:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:58:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1701","reference_id":"RHSA-2022:1701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1702","reference_id":"RHSA-2022:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1703","reference_id":"RHSA-2022:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1704","reference_id":"RHSA-2022:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1705","reference_id":"RHSA-2022:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4590","reference_id":"RHSA-2022:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4590"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1761981","reference_id":"show_bug.cgi?id=1761981","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:58:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1761981"},{"reference_url":"https://usn.ubuntu.com/5411-1/","reference_id":"USN-5411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5411-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29911"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r587-gyj4-5kee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31189?format=json","vulnerability_id":"VCID-r631-9h74-sygv","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28282.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28282","reference_id":"","reference_type":"","scores":[{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.89979","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.89967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.90007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.90013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.90015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.90006","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.90001","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05281","scoring_system":"epss","scoring_elements":"0.89985","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072562","reference_id":"2072562","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072562"},{"reference_url":"https://security.archlinux.org/AVG-2711","reference_id":"AVG-2711","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2711"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-13/","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:08:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-14/","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:08:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:08:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1751609","reference_id":"show_bug.cgi?id=1751609","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:08:53Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1751609"},{"reference_url":"https://usn.ubuntu.com/5370-1/","reference_id":"USN-5370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5370-1/"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-28282"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r631-9h74-sygv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31146?format=json","vulnerability_id":"VCID-rq11-qm9e-7ubk","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43545.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43545.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43545","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45021","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46336","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46346","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46341","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69624","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030114","reference_id":"2030114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030114"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43545"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq11-qm9e-7ubk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31156?format=json","vulnerability_id":"VCID-sgc4-z5aa-nkct","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1834","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38595","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38683","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38747","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38736","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38675","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092416","reference_id":"2092416","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092416"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:15:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1767816","reference_id":"show_bug.cgi?id=1767816","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:15:11Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1767816"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-1834"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgc4-z5aa-nkct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31207?format=json","vulnerability_id":"VCID-sm2q-bg6f-4qag","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34468.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34468","reference_id":"","reference_type":"","scores":[{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66903","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66944","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66924","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102163","reference_id":"2102163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102163"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1768537","reference_id":"show_bug.cgi?id=1768537","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1768537"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34468"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sm2q-bg6f-4qag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31150?format=json","vulnerability_id":"VCID-t98b-d1uu-pkan","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1196.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1196","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41684","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41732","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41757","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41645","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41729","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41718","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072561","reference_id":"2072561","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072561"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-14/","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:27:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:27:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750679","reference_id":"show_bug.cgi?id=1750679","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:27:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750679"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-1196"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t98b-d1uu-pkan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31126?format=json","vulnerability_id":"VCID-teh4-fmg6-53ab","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30547.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30547.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30547","reference_id":"","reference_type":"","scores":[{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85431","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85435","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85358","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85422","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85413","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.8537","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85389","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970109","reference_id":"1970109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079","reference_id":"990079","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079"},{"reference_url":"https://security.archlinux.org/ASA-202106-31","reference_id":"ASA-202106-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-31"},{"reference_url":"https://security.archlinux.org/ASA-202106-32","reference_id":"ASA-202106-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-32"},{"reference_url":"https://security.archlinux.org/ASA-202107-20","reference_id":"ASA-202107-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-20"},{"reference_url":"https://security.archlinux.org/ASA-202107-21","reference_id":"ASA-202107-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-21"},{"reference_url":"https://security.archlinux.org/AVG-2057","reference_id":"AVG-2057","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2057"},{"reference_url":"https://security.archlinux.org/AVG-2058","reference_id":"AVG-2058","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2058"},{"reference_url":"https://security.archlinux.org/AVG-2148","reference_id":"AVG-2148","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2148"},{"reference_url":"https://security.archlinux.org/AVG-2152","reference_id":"AVG-2152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2152"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28","reference_id":"mfsa2021-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29","reference_id":"mfsa2021-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30","reference_id":"mfsa2021-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2740","reference_id":"RHSA-2021:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2741","reference_id":"RHSA-2021:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2742","reference_id":"RHSA-2021:2742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2743","reference_id":"RHSA-2021:2743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2881","reference_id":"RHSA-2021:2881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2882","reference_id":"RHSA-2021:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2883","reference_id":"RHSA-2021:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2914","reference_id":"RHSA-2021:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2914"},{"reference_url":"https://usn.ubuntu.com/5011-1/","reference_id":"USN-5011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5011-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-30547"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-teh4-fmg6-53ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31141?format=json","vulnerability_id":"VCID-utn7-mdgr-z7em","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43538.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43538","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51005","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50915","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50968","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030109","reference_id":"2030109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030109"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43538"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utn7-mdgr-z7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31208?format=json","vulnerability_id":"VCID-v865-5aar-sueu","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34470.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34470","reference_id":"","reference_type":"","scores":[{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70677","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70628","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.7069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70705","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70621","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70667","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102162","reference_id":"2102162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102162"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1765951","reference_id":"show_bug.cgi?id=1765951","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:51:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1765951"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34470"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v865-5aar-sueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31139?format=json","vulnerability_id":"VCID-vc9x-hjtc-q3f1","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43536.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43536","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.65979","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6605","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66021","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6837","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68384","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030105","reference_id":"2030105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030105"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43536"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc9x-hjtc-q3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31193?format=json","vulnerability_id":"VCID-vd6g-ywvd-gfhf","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29909.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29909.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29909","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4183","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41796","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41809","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41819","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41842","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41801","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081469","reference_id":"2081469","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081469"},{"reference_url":"https://security.archlinux.org/AVG-2709","reference_id":"AVG-2709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2709"},{"reference_url":"https://security.archlinux.org/AVG-2710","reference_id":"AVG-2710","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2710"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-16/","reference_id":"mfsa2022-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:47:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-17/","reference_id":"mfsa2022-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:47:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-18/","reference_id":"mfsa2022-18","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:47:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1701","reference_id":"RHSA-2022:1701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1702","reference_id":"RHSA-2022:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1703","reference_id":"RHSA-2022:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1704","reference_id":"RHSA-2022:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1705","reference_id":"RHSA-2022:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1724","reference_id":"RHSA-2022:1724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1725","reference_id":"RHSA-2022:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1726","reference_id":"RHSA-2022:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1727","reference_id":"RHSA-2022:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1730","reference_id":"RHSA-2022:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4589","reference_id":"RHSA-2022:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4590","reference_id":"RHSA-2022:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4590"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1755081","reference_id":"show_bug.cgi?id=1755081","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T13:47:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1755081"},{"reference_url":"https://usn.ubuntu.com/5411-1/","reference_id":"USN-5411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5411-1/"},{"reference_url":"https://usn.ubuntu.com/5435-1/","reference_id":"USN-5435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5435-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-29909"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vd6g-ywvd-gfhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31200?format=json","vulnerability_id":"VCID-vg6v-8pv2-mfhf","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31736.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31736","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43973","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43953","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44004","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44006","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43989","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092018","reference_id":"2092018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092018"},{"reference_url":"https://security.archlinux.org/AVG-2760","reference_id":"AVG-2760","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2760"},{"reference_url":"https://security.archlinux.org/AVG-2761","reference_id":"AVG-2761","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2761"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:56:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:56:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:56:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4870","reference_id":"RHSA-2022:4870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4871","reference_id":"RHSA-2022:4871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4872","reference_id":"RHSA-2022:4872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4873","reference_id":"RHSA-2022:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4875","reference_id":"RHSA-2022:4875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4876","reference_id":"RHSA-2022:4876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4887","reference_id":"RHSA-2022:4887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4888","reference_id":"RHSA-2022:4888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4889","reference_id":"RHSA-2022:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4890","reference_id":"RHSA-2022:4890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4891","reference_id":"RHSA-2022:4891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4892","reference_id":"RHSA-2022:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735923","reference_id":"show_bug.cgi?id=1735923","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:56:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735923"},{"reference_url":"https://usn.ubuntu.com/5475-1/","reference_id":"USN-5475-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5475-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-31736"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vg6v-8pv2-mfhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31215?format=json","vulnerability_id":"VCID-vgqa-e7yg-wygj","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36319.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36319","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35448","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35551","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35526","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35514","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35471","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36319"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36319","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36319"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111907","reference_id":"2111907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111907"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-28/","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:59:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-29","reference_id":"mfsa2022-29","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-29/","reference_id":"mfsa2022-29","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:59:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-30/","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:59:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-31","reference_id":"mfsa2022-31","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-31/","reference_id":"mfsa2022-31","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:59:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-32/","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:59:22Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5765","reference_id":"RHSA-2022:5765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5766","reference_id":"RHSA-2022:5766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5767","reference_id":"RHSA-2022:5767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5769","reference_id":"RHSA-2022:5769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5770","reference_id":"RHSA-2022:5770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5771","reference_id":"RHSA-2022:5771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5772","reference_id":"RHSA-2022:5772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5773","reference_id":"RHSA-2022:5773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5774","reference_id":"RHSA-2022:5774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5776","reference_id":"RHSA-2022:5776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5777","reference_id":"RHSA-2022:5777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5778","reference_id":"RHSA-2022:5778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5778"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1737722","reference_id":"show_bug.cgi?id=1737722","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:59:22Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1737722"},{"reference_url":"https://usn.ubuntu.com/5536-1/","reference_id":"USN-5536-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5536-1/"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-36319"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgqa-e7yg-wygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31190?format=json","vulnerability_id":"VCID-vpd3-v3fr-hkdm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28285.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28285","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48879","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4888","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48883","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48829","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072563","reference_id":"2072563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072563"},{"reference_url":"https://security.archlinux.org/AVG-2711","reference_id":"AVG-2711","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2711"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-13/","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:03:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-14/","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:03:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-15/","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:03:24Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1756957","reference_id":"show_bug.cgi?id=1756957","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:03:24Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1756957"},{"reference_url":"https://usn.ubuntu.com/5370-1/","reference_id":"USN-5370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5370-1/"},{"reference_url":"https://usn.ubuntu.com/5393-1/","reference_id":"USN-5393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5393-1/"},{"reference_url":"https://usn.ubuntu.com/5494-1/","reference_id":"USN-5494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5494-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-28285"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpd3-v3fr-hkdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31210?format=json","vulnerability_id":"VCID-vzg5-b77s-g3ft","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34478.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34478","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35345","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35403","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35401","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35377","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102167","reference_id":"2102167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102167"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773717","reference_id":"show_bug.cgi?id=1773717","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773717"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-34478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzg5-b77s-g3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31120?format=json","vulnerability_id":"VCID-w68x-99b7-7qgs","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29984.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29984","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63546","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63562","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.6358","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71349","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71375","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992420","reference_id":"1992420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1992420"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3154","reference_id":"RHSA-2021:3154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3155","reference_id":"RHSA-2021:3155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3156","reference_id":"RHSA-2021:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3157","reference_id":"RHSA-2021:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3159","reference_id":"RHSA-2021:3159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3160","reference_id":"RHSA-2021:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3161","reference_id":"RHSA-2021:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3162","reference_id":"RHSA-2021:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3162"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5058-1/","reference_id":"USN-5058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-29984"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w68x-99b7-7qgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31184?format=json","vulnerability_id":"VCID-wqb6-fpwk-ekgy","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26386.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26386","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28282","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2834","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28379","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28335","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28269","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062224","reference_id":"2062224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062224"},{"reference_url":"https://security.archlinux.org/AVG-2713","reference_id":"AVG-2713","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2713"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-11/","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:11:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-11/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-12/","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:11:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-12/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1752396","reference_id":"show_bug.cgi?id=1752396","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T20:11:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1752396"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26386"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqb6-fpwk-ekgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31180?format=json","vulnerability_id":"VCID-wsdd-t7d2-gbda","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24713.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24713","reference_id":"","reference_type":"","scores":[{"value":"0.0985","scoring_system":"epss","scoring_elements":"0.92963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0985","scoring_system":"epss","scoring_elements":"0.92967","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11247","scoring_system":"epss","scoring_elements":"0.93505","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11247","scoring_system":"epss","scoring_elements":"0.93509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11247","scoring_system":"epss","scoring_elements":"0.9351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11247","scoring_system":"epss","scoring_elements":"0.93502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11247","scoring_system":"epss","scoring_elements":"0.93494","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/regex","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rust-lang/regex"},{"reference_url":"https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e"},{"reference_url":"https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24713","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24713"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0013.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5113","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://www.debian.org/security/2022/dsa-5113"},{"reference_url":"https://www.debian.org/security/2022/dsa-5118","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://www.debian.org/security/2022/dsa-5118"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007176","reference_id":"1007176","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072565","reference_id":"2072565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072565"},{"reference_url":"https://security.archlinux.org/AVG-2711","reference_id":"AVG-2711","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2711"},{"reference_url":"https://security.archlinux.org/AVG-2712","reference_id":"AVG-2712","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2712"},{"reference_url":"https://github.com/advisories/GHSA-m5pq-gvj9-9vr8","reference_id":"GHSA-m5pq-gvj9-9vr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m5pq-gvj9-9vr8"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/","reference_id":"JANLZ3JXWJR7FSHE57K66UIZUIJZI67T","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13","reference_id":"mfsa2022-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14","reference_id":"mfsa2022-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15","reference_id":"mfsa2022-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/","reference_id":"O3YB7CURSG64CIPCDPNMGPE4UU24AB6H","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/","reference_id":"PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1283","reference_id":"RHSA-2022:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1284","reference_id":"RHSA-2022:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1285","reference_id":"RHSA-2022:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1286","reference_id":"RHSA-2022:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1287","reference_id":"RHSA-2022:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1301","reference_id":"RHSA-2022:1301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1302","reference_id":"RHSA-2022:1302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1303","reference_id":"RHSA-2022:1303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1305","reference_id":"RHSA-2022:1305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1326","reference_id":"RHSA-2022:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1326"},{"reference_url":"https://usn.ubuntu.com/5370-1/","reference_id":"USN-5370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5370-1/"},{"reference_url":"https://usn.ubuntu.com/5610-1/","reference_id":"USN-5610-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5610-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-24713","GHSA-m5pq-gvj9-9vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsdd-t7d2-gbda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11195?format=json","vulnerability_id":"VCID-xffg-w6fz-yqfj","summary":"Use of a Broken or Risky Cryptographic Algorithm\nThe ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40529","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53307","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53341","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840","reference_id":"993840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840"},{"reference_url":"https://security.archlinux.org/AVG-2362","reference_id":"AVG-2362","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2362"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40529","reference_id":"CVE-2021-40529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40529"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-40529"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xffg-w6fz-yqfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31163?format=json","vulnerability_id":"VCID-xp3b-fyfq-xbbq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22741.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22741","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64302","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64331","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64281","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64342","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64329","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64315","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64266","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039564","reference_id":"2039564","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039564"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:29:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:29:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:29:58Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389","reference_id":"show_bug.cgi?id=1740389","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:29:58Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22741"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xp3b-fyfq-xbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31140?format=json","vulnerability_id":"VCID-xud3-4s7g-rkcv","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43537.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43537","reference_id":"","reference_type":"","scores":[{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67212","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67274","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.6725","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68243","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68258","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68282","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.6827","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030106","reference_id":"2030106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030106"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43537"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xud3-4s7g-rkcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31173?format=json","vulnerability_id":"VCID-y12a-2bn1-vkdz","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22759","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49907","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49914","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.4988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49897","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053242","reference_id":"2053242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053242"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0510","reference_id":"RHSA-2022:0510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0511","reference_id":"RHSA-2022:0511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0512","reference_id":"RHSA-2022:0512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0513","reference_id":"RHSA-2022:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0514","reference_id":"RHSA-2022:0514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0535","reference_id":"RHSA-2022:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0536","reference_id":"RHSA-2022:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0537","reference_id":"RHSA-2022:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0538","reference_id":"RHSA-2022:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0539","reference_id":"RHSA-2022:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0539"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739957","reference_id":"show_bug.cgi?id=1739957","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:36:47Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739957"},{"reference_url":"https://usn.ubuntu.com/5284-1/","reference_id":"USN-5284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5284-1/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22759"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y12a-2bn1-vkdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31168?format=json","vulnerability_id":"VCID-y43f-tmvr-hqas","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32454","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572","reference_id":"2039572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028","reference_id":"show_bug.cgi?id=1735028","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"},{"reference_url":"https://usn.ubuntu.com/5506-1/","reference_id":"USN-5506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5506-1/"},{"reference_url":"https://usn.ubuntu.com/5872-1/","reference_id":"USN-5872-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5872-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y43f-tmvr-hqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31164?format=json","vulnerability_id":"VCID-y7wn-9j43-jba3","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22742.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22742","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54916","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54878","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54934","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54922","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54923","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54904","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54873","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039563","reference_id":"2039563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039563"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:28:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739923","reference_id":"show_bug.cgi?id=1739923","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:28:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739923"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-22742"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7wn-9j43-jba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31158?format=json","vulnerability_id":"VCID-ybm7-rhy6-s3dq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2226.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2226","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48956","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48936","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49004","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48978","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48982","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102204","reference_id":"2102204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102204"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:00:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1775441","reference_id":"show_bug.cgi?id=1775441","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:00:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1775441"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-2226"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybm7-rhy6-s3dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31157?format=json","vulnerability_id":"VCID-ye9r-gnzm-sqe2","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2200.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2200","reference_id":"","reference_type":"","scores":[{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90864","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90819","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90867","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90858","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.9084","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06199","scoring_system":"epss","scoring_elements":"0.90851","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102168","reference_id":"2102168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102168"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5469","reference_id":"RHSA-2022:5469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5470","reference_id":"RHSA-2022:5470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5472","reference_id":"RHSA-2022:5472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5473","reference_id":"RHSA-2022:5473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5474","reference_id":"RHSA-2022:5474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5475","reference_id":"RHSA-2022:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5477","reference_id":"RHSA-2022:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5478","reference_id":"RHSA-2022:5478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5479","reference_id":"RHSA-2022:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5480","reference_id":"RHSA-2022:5480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5481","reference_id":"RHSA-2022:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5482","reference_id":"RHSA-2022:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5482"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1771381","reference_id":"show_bug.cgi?id=1771381","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:02:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1771381"},{"reference_url":"https://usn.ubuntu.com/5504-1/","reference_id":"USN-5504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5504-1/"},{"reference_url":"https://usn.ubuntu.com/5512-1/","reference_id":"USN-5512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-2200"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ye9r-gnzm-sqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31144?format=json","vulnerability_id":"VCID-yuex-f2ae-ffft","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43542.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43542.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43542","reference_id":"","reference_type":"","scores":[{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70094","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.70998","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.7095","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.70992","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.7103","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71014","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030112","reference_id":"2030112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030112"},{"reference_url":"https://security.archlinux.org/ASA-202112-8","reference_id":"ASA-202112-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-8"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2606","reference_id":"AVG-2606","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2606"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5186-1/","reference_id":"USN-5186-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5186-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43542"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuex-f2ae-ffft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31113?format=json","vulnerability_id":"VCID-z19z-zu3b-5khe","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4129.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4129","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52789","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52738","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52762","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54175","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54222","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54184","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030116","reference_id":"2030116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030116"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421","reference_id":"buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:56:25Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-52"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2021-52/","reference_id":"mfsa2021-52","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:56:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2021-52/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-53"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2021-53/","reference_id":"mfsa2021-53","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:56:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2021-53/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2021-54/","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:56:25Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2021-54/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5013","reference_id":"RHSA-2021:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5014","reference_id":"RHSA-2021:5014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5015","reference_id":"RHSA-2021:5015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5016","reference_id":"RHSA-2021:5016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5017","reference_id":"RHSA-2021:5017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-4129"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z19z-zu3b-5khe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31136?format=json","vulnerability_id":"VCID-zr32-w34c-3ygt","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43528.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43528","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.74987","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75032","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.7499","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75019","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.74996","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.7503","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030137","reference_id":"2030137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030137"},{"reference_url":"https://security.archlinux.org/ASA-202112-9","reference_id":"ASA-202112-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-9"},{"reference_url":"https://security.archlinux.org/AVG-2608","reference_id":"AVG-2608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2608"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54","reference_id":"mfsa2021-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5045","reference_id":"RHSA-2021:5045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5046","reference_id":"RHSA-2021:5046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5047","reference_id":"RHSA-2021:5047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5048","reference_id":"RHSA-2021:5048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5055","reference_id":"RHSA-2021:5055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5055"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2021-43528"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr32-w34c-3ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31182?format=json","vulnerability_id":"VCID-ztmj-vavn-8kdf","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26383.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26383","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49592","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.4959","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49619","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49602","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49607","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49574","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062220","reference_id":"2062220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062220"},{"reference_url":"https://security.archlinux.org/AVG-2713","reference_id":"AVG-2713","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2713"},{"reference_url":"https://security.archlinux.org/AVG-2714","reference_id":"AVG-2714","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2714"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-10/","reference_id":"mfsa2022-10","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:19:41Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-11/","reference_id":"mfsa2022-11","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:19:41Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-11/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-12"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-12/","reference_id":"mfsa2022-12","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:19:41Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-12/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0815","reference_id":"RHSA-2022:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0816","reference_id":"RHSA-2022:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0817","reference_id":"RHSA-2022:0817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0818","reference_id":"RHSA-2022:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0824","reference_id":"RHSA-2022:0824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0843","reference_id":"RHSA-2022:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0845","reference_id":"RHSA-2022:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0847","reference_id":"RHSA-2022:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0850","reference_id":"RHSA-2022:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0853","reference_id":"RHSA-2022:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0853"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1742421","reference_id":"show_bug.cgi?id=1742421","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:19:41Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1742421"},{"reference_url":"https://usn.ubuntu.com/5321-1/","reference_id":"USN-5321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-1/"},{"reference_url":"https://usn.ubuntu.com/5321-2/","reference_id":"USN-5321-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5321-2/"},{"reference_url":"https://usn.ubuntu.com/5345-1/","reference_id":"USN-5345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71798?format=json","purl":"pkg:ebuild/mail-client/thunderbird@91.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}],"aliases":["CVE-2022-26383"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztmj-vavn-8kdf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@91.12.0"}