Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:mozilla/Thunderbird@102.2.1
Typemozilla
Namespace
NameThunderbird
Version102.2.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version102.3.0
Latest_non_vulnerable_version150.0.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6dgw-qbue-nqax
vulnerability_id VCID-6dgw-qbue-nqax
summary 
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag
having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then
Thunderbird started a network request to that URL, regardless of the configuration to block
remote content. In combination with certain other HTML elements and attributes in the email,
it was possible to execute JavaScript code included in the message in the context of the
message compose document. 
The JavaScript code was able to perform actions including, but probably not limited
to, read and modify the contents of the message compose document, including the quoted
original message, which could potentially contain the decrypted plaintext of encrypted data 
in the crafted email.
The contents could then be transmitted to the network, either to the URL specified in the META refresh tag,
or to a different URL, as the JavaScript code could modify the URL specified in the document.
This bug doesn't affect users who have changed the default Message Body display setting to
'simple html' or 'plain text'.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3033
reference_id
reference_type
scores
0
value 0.00742
scoring_system epss
scoring_elements 0.73137
published_at 2026-05-14T12:55:00Z
1
value 0.00742
scoring_system epss
scoring_elements 0.73007
published_at 2026-04-21T12:55:00Z
2
value 0.00742
scoring_system epss
scoring_elements 0.73047
published_at 2026-04-24T12:55:00Z
3
value 0.00742
scoring_system epss
scoring_elements 0.73057
published_at 2026-04-26T12:55:00Z
4
value 0.00742
scoring_system epss
scoring_elements 0.73054
published_at 2026-04-29T12:55:00Z
5
value 0.00742
scoring_system epss
scoring_elements 0.73048
published_at 2026-05-05T12:55:00Z
6
value 0.00742
scoring_system epss
scoring_elements 0.73076
published_at 2026-05-07T12:55:00Z
7
value 0.00742
scoring_system epss
scoring_elements 0.73098
published_at 2026-05-09T12:55:00Z
8
value 0.00742
scoring_system epss
scoring_elements 0.73058
published_at 2026-05-11T12:55:00Z
9
value 0.00742
scoring_system epss
scoring_elements 0.73082
published_at 2026-05-12T12:55:00Z
10
value 0.00742
scoring_system epss
scoring_elements 0.72917
published_at 2026-04-02T12:55:00Z
11
value 0.00742
scoring_system epss
scoring_elements 0.72937
published_at 2026-04-04T12:55:00Z
12
value 0.00742
scoring_system epss
scoring_elements 0.72912
published_at 2026-04-07T12:55:00Z
13
value 0.00742
scoring_system epss
scoring_elements 0.7295
published_at 2026-04-08T12:55:00Z
14
value 0.00742
scoring_system epss
scoring_elements 0.72964
published_at 2026-04-09T12:55:00Z
15
value 0.00742
scoring_system epss
scoring_elements 0.72989
published_at 2026-04-11T12:55:00Z
16
value 0.00742
scoring_system epss
scoring_elements 0.72969
published_at 2026-04-12T12:55:00Z
17
value 0.00742
scoring_system epss
scoring_elements 0.72962
published_at 2026-04-13T12:55:00Z
18
value 0.00742
scoring_system epss
scoring_elements 0.73004
published_at 2026-04-16T12:55:00Z
19
value 0.00742
scoring_system epss
scoring_elements 0.73014
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3033
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2123256
reference_id 2123256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2123256
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-38
reference_id mfsa2022-38
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-38
5
reference_url https://www.mozilla.org/security/advisories/mfsa2022-38/
reference_id mfsa2022-38
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/
url https://www.mozilla.org/security/advisories/mfsa2022-38/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-39
reference_id mfsa2022-39
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-39
7
reference_url https://www.mozilla.org/security/advisories/mfsa2022-39/
reference_id mfsa2022-39
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/
url https://www.mozilla.org/security/advisories/mfsa2022-39/
8
reference_url https://access.redhat.com/errata/RHSA-2022:6708
reference_id RHSA-2022:6708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6708
9
reference_url https://access.redhat.com/errata/RHSA-2022:6710
reference_id RHSA-2022:6710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6710
10
reference_url https://access.redhat.com/errata/RHSA-2022:6713
reference_id RHSA-2022:6713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6713
11
reference_url https://access.redhat.com/errata/RHSA-2022:6715
reference_id RHSA-2022:6715
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6715
12
reference_url https://access.redhat.com/errata/RHSA-2022:6716
reference_id RHSA-2022:6716
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6716
13
reference_url https://access.redhat.com/errata/RHSA-2022:6717
reference_id RHSA-2022:6717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6717
14
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1784838
reference_id show_bug.cgi?id=1784838
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1784838
15
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:mozilla/Thunderbird@91.13.1
purl pkg:mozilla/Thunderbird@91.13.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@91.13.1
1
url pkg:mozilla/Thunderbird@102.2.1
purl pkg:mozilla/Thunderbird@102.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@102.2.1
aliases CVE-2022-3033
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6dgw-qbue-nqax
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@102.2.1