Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/90745?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/90745?format=api", "purl": "pkg:rpm/redhat/thunderbird@128.9.2-1?arch=el8_2", "type": "rpm", "namespace": "redhat", "name": "thunderbird", "version": "128.9.2-1", "qualifiers": { "arch": "el8_2" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62937?format=api", "vulnerability_id": "VCID-jyns-kqp9-4ygh", "summary": "By crafting a malformed file name for an attachment in a multipart\nmessage, an attacker can trick Thunderbird into including a\ndirectory listing of /tmp when the message is forwarded or edited\nas a new message. This vulnerability could allow attackers to\ndisclose sensitive information from the victim's system. This\nvulnerability is not limited to Linux; similar behavior has been\nobserved on Windows as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44916", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45131", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45124", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45075", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44986", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44993", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44937", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44831", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44899", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4509", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45112", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4508", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359789", "reference_id": "2359789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359789" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379", "reference_id": "show_bug.cgi?id=1956379", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-2830" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyns-kqp9-4ygh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62938?format=api", "vulnerability_id": "VCID-n9jq-77ud-v7c9", "summary": "When an email contains multiple attachments with external links\nvia the X-Mozilla-External-Attachment-URL header, only the last\nlink is shown when hovering over any attachment. Although the\ncorrect link is used on click, the misleading hover text could\ntrick users into downloading content from untrusted sources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47632", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47685", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47743", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47696", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47677", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47631", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47545", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.4761", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47664", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47634", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47708", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359786", "reference_id": "2359786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359786" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385", "reference_id": "show_bug.cgi?id=1958385", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-3523" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9jq-77ud-v7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62936?format=api", "vulnerability_id": "VCID-rfve-tkv7-13dv", "summary": "Thunderbird processes the X-Mozilla-External-Attachment-URL header\nto handle attachments which can be hosted externally. When an\nemail is opened, Thunderbird accesses the specified URL to \ndetermine file size, and navigates to it when the user clicks the\nattachment. Because the URL is not validated or sanitized, it can\nreference internal resources like chrome:// or SMB share file:// links,\npotentially leading to hashed Windows credential leakage and opening the\ndoor to more serious security issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45693", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45764", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45715", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45674", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45824", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45846", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45796", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4585", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45842", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359793", "reference_id": "2359793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359793" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372", "reference_id": "show_bug.cgi?id=1955372", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-3522" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@128.9.2-1%3Farch=el8_2" }