{"url":"http://public2.vulnerablecode.io/api/packages/88478?format=json","purl":"pkg:rpm/redhat/thunderbird@140.4.0-2?arch=el9_0","type":"rpm","namespace":"redhat","name":"thunderbird","version":"140.4.0-2","qualifiers":{"arch":"el9_0"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63038?format=json","vulnerability_id":"VCID-4gsx-puz4-a3f1","summary":"Use-after-free in MediaTrackGraphImpl::GetInstance()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11708","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23925","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24141","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24126","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24207","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403769","reference_id":"2403769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403769"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988931","reference_id":"show_bug.cgi?id=1988931","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988931"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11708"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gsx-puz4-a3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63049?format=json","vulnerability_id":"VCID-59wd-mtjt-4ban","summary":"Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11714","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17242","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17547","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17374","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17466","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17437","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1738","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17389","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17328","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17307","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403763","reference_id":"2403763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403763"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113","reference_id":"buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:27:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11714"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59wd-mtjt-4ban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63050?format=json","vulnerability_id":"VCID-6jw1-pere-ruee","summary":"Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11715","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18086","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1814","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18442","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18289","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1823","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1819","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18296","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18343","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403774","reference_id":"2403774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403774"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899","reference_id":"buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:16Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11715"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jw1-pere-ruee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63040?format=json","vulnerability_id":"VCID-kkgh-a9hg-fud8","summary":"A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11710","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26803","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.268","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403768","reference_id":"2403768","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403768"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989899","reference_id":"show_bug.cgi?id=1989899","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:34Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989899"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11710"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkgh-a9hg-fud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63039?format=json","vulnerability_id":"VCID-qeh2-jn2v-9ug7","summary":"A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11709","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26803","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.268","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403765","reference_id":"2403765","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403765"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989127","reference_id":"show_bug.cgi?id=1989127","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-15T13:22:47Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989127"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11709"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeh2-jn2v-9ug7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63044?format=json","vulnerability_id":"VCID-t9cw-yjar-ckfd","summary":"A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11712","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11901","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12028","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12186","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1205","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12093","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12122","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403770","reference_id":"2403770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403770"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1979536","reference_id":"show_bug.cgi?id=1979536","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:21:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1979536"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11712"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9cw-yjar-ckfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63041?format=json","vulnerability_id":"VCID-tgsj-hp8b-27f9","summary":"There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11711","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08064","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08091","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08146","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08124","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0816","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08169","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403776","reference_id":"2403776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403776"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-82"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-82/","reference_id":"mfsa2025-82","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-82/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18154","reference_id":"RHSA-2025:18154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18155","reference_id":"RHSA-2025:18155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18285","reference_id":"RHSA-2025:18285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18320","reference_id":"RHSA-2025:18320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18321","reference_id":"RHSA-2025:18321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18983","reference_id":"RHSA-2025:18983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19278","reference_id":"RHSA-2025:19278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19938","reference_id":"RHSA-2025:19938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19939","reference_id":"RHSA-2025:19939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19941","reference_id":"RHSA-2025:19941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19942","reference_id":"RHSA-2025:19942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19943","reference_id":"RHSA-2025:19943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19944","reference_id":"RHSA-2025:19944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19945","reference_id":"RHSA-2025:19945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21054","reference_id":"RHSA-2025:21054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21055","reference_id":"RHSA-2025:21055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21056","reference_id":"RHSA-2025:21056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21057","reference_id":"RHSA-2025:21057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21058","reference_id":"RHSA-2025:21058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21059","reference_id":"RHSA-2025:21059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21064","reference_id":"RHSA-2025:21064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989978","reference_id":"show_bug.cgi?id=1989978","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:22:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1989978"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[],"aliases":["CVE-2025-11711"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgsj-hp8b-27f9"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@140.4.0-2%3Farch=el9_0"}